ContentWatch Security Blog


Fri, Nov 9, '12

Which Android Apps Are Safe?

I have always heard stories about new Android security issues, but to be honest, I usually ignore them and chalk them up to “some guy installed a random rogue app and it stole his contact list.” Typically, my philosophy has been just don’t install random apps or apps from non-reputable sources, and you don’t have anything to worry about, but I have recently found out that many Android exploits, which take advantage of security flaws, can also be found in popular or well-known apps available from legitimate marketplaces.

Wed, Nov 2, '11

The Impact of BYOD on Your IT Dept.

It's really not a good idea, on so many fronts, to let employees "Bring Your Own Device" (BYOD) to work.  By this, I refer to employees buying and using their personal smart phone and/or tablet at work, in many cases, to do work.  Some of the inherent challenges include productivity loss, security risks, data loss, liability risks, and device management challenges.  

Sure, it saves money to let employees spend on the devices.  And, the need to be mobile is growing. Forrester Research predicts that as many as 60 percent of information workers will work in a location away from their office during a typical workweek. Mobility is key to the future.

Mandating that employees own specific company-approved devices won't get you very far in many cases. Phones are kind of like cars. Employees pick the device that represents their personality, fulfills their needs, and feels good to use. If an employee chooses their device, the IT group will struggle to keep the large number of disparate devices supported and up-to-date with the latest company policies and apps.

Also, IT guys are used to three to five year upgrade cycles with laptops and desktops. Most people upgrade their phone about every eighteen months. This constant flux will keep IT hopping.

What's more, mobile device users are accustomed to installing apps ad hoc, anytime.  The iTunes Store and the Android Market have programmed us to be on-demand driven. Employees will hope to do the same and IT will have to manage updates just like iTunes and the Market.

Malware protection and antivirus solutions exist, but they haven’t been widely used yet. If you allow employees to BYOD, that usage policy needs to change.

In addition, your organization will need to govern what types of data can be stored and used on an employee's mobile device. Consider how easy it is to lose your customer list or your patient's health history.  What happens if the phone or tablet is lost or stolen?  Can you lock it down to avoid data loss?

BYOD is going to have to be managed in the very near term.  We are looking for and developing solutions to resolve the challenges mentioned here.

Thu, May 19, '11

Ratings are not enough for mobile apps

A few recent articles discuss CTIA's call for a unified "rating" system for mobile apps. Note: CTIA is the Cellular Telecommunications Internet Association, a nonprofit that includes wireless carriers and suppliers of wireless data products and services. The articles are informative and interesting, but the rating system is still in the discussion phase.

Rating systems are a practical method to help set expectations. Most are familiar with the Motion Picture Association of America's rating system for movies (NR, R, PG-13, PG, and G) and perhaps somewhat less familiar with the Entertainment Software Rating Board (ESRB) system of rating video games. 

The mobile app rating initiative is a noble venture. Parents would be enabled to make educated decisions about the apps their children want. Even though most app markets have a version of content ratings, the system needs improvement. For example, in the Android Market, you won't see a content rating until you tap the “More” drop-down box to get a complete description of the app. Unless a parent is conscious of its location, a rating will go unnoticed. I wasn't even aware of these ratings until I read an article discussing the new system. I consider myself fairly informed, too.

The nice thing about the MPAA and ESRB is that when kids get to a point of sale at the movie theater or retail store, they should be stopped by the clerk prior to purchasing mature content. In the world of smartphones and tablets, however, there is no one waiting at checkout asking for proof of age.

More important is the issue that unless app management software is installed on a smartphone, a parent won't truly know what apps are installed. Consumers are likely to revolt if asked to indicate their age somehow on their device. This is due to privacy concerns, and even recent lawsuits against Google and Apple regarding location tracking.

A unified rating system would be well received but given the complexity of enforcing the rules, it would seem impossible to protect identities and block mature content without the aid of some type of smartphone app manager.  An app manager should be able to block downloads of mature applications, alert parents when downloads have been attempted, and describe the downloaded content.

I hope the CTIA is able to introduce a well-designed rating system, but I also think it's important for consumers to recognize that it's only one tool in an overall solution. Without an app manager, kids will sneak past faster than they do at the movie theater.