Appolicious powers Verizon Educational Tools

Smartphone users barely aware of potential security risks

by Phil Hornshaw

Smartphone users have only a slight inkling that their phones are vulnerable to the same security risks from which personal computers can suffer.

That’s according to a recent poll of 1,600 smartphone owners from across Europe by security firm Kaspersky, which found that 27 percent of those polled were "highly concerned" about security on their handheld devices, PC World reported. Respondents came from the U.K., France, Spain, Italy and Germany.

The poll also found that of the 1,600 respondents, nearly a third kept sensitive information like bank PINs on their phones and used the devices for banking and other potentially vulnerable activities. Of that third with potentially volatile personal information stored on their phones, only about half were aware of anti-virus software available for smartphones, and only about one in 10 actually used it.

That’s interesting, considering a large malware attack Android suffered last week. Google (GOOG) identified as many as 50 apps that were secretly pushing malware onto phones with the apps downloaded, and those security breaches were being used to open the phones to additional breaches.

Since finding the apps, Google has removed them from its Android Market and also used a remote “kill switch” that allowed the company to forcibly remove downloaded apps from infected handsets, according to a story from Ars Technica. The vulnerability the apps exploited can be fixed with the Android 2.2.2 update, Google has said, but the nature of Android means that not every user has a handset running a later version of Android -- so the vulnerability can remain.

Google is currently working on a software patch to plug the hole and is also sending out emails to affected users. But while Google can create a patch, it doesn't distribute it – carriers and handset manufacturers do. This means it's very possible the patch won't make it to everyone affected. Android is also handicapped by the Market’s openness, which is a selling point in comparison to Apple’s (AAPL) iOS platform for the iPhone and iPad, but leaves the Market open to attacks such as these.

Things aren’t necessarily hunky-dory over on the iPhone, though. While Apple screens its apps, it’s clear that 350,000 apps in the iTunes App Store couldn’t possibly have been all checked so thoroughly that the company can guarantee that there’s nothing malicious hidden in the iPhone apps’ ranks.

As a study showed last year, Android owners can protect themselves at least a little bit by paying attention to what apps are accessing the Internet and other systems on a user's phone. A great feature of Android is that an app has to clear with the user what it plans to access, and these items are enumerated in a push notification. The user has the chance to vet the app – for example, a game doesn't necessarily need access to other apps, and a wallpaper app shouldn't necessarily need access to the Internet. It takes a little research to see what an app is actually trying to do with asking for access, but it's also at least a little easier to limit an app's access on Android than it is on iOS.

Meanwhile, users should inquire about Android 2.2.2 with their carriers and handset manufacturers, and pay attention to what their apps are up to. Anti-virus software, at this point, is pretty limited in its capabilities, since Android viruses haven't really been identified yet. Android owners interested in some security help can check out Lookout, a free app that adds several security considerations to Android phones.