Go Back   Tech Support Forum > Security Center > Computer Security News

User Tag List

Smartphone app stores should standardise security, EU Agency says

This is a discussion on Smartphone app stores should standardise security, EU Agency says within the Computer Security News forums, part of the Tech Support Forum category. Smartphone platforms and the app stores that serve them should conform to an agreed, industry-wide set of security principles in


Closed Thread
 
Thread Tools Search this Thread
Old 09-13-2011, 12:26 PM   #1
Security Manager
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro

My System


Smartphone platforms and the app stores that serve them should conform to an agreed, industry-wide set of security principles in order to safeguard their users, a new report from EU cybersecurity agency ENISA has argued.

Most of the ENISA’s (European Network and Information Security Agency) ‘five lines of defence’ in its paper Appstore Security will sound uncontroversial, starting the importance of a security architecture that sandboxes applications on the device, and that apps install with a ‘kill switch’, a means for platform providers to de-install those later deemed insecure.

The Agency is also keen on thorough app review, a vetting process that apps should undergo before being posted on download stores, backed up by a comprehensive reputation mechanism and certificate system for developers creating apps.

The fifth recommendation - that platforms restrict from which sites users can download apps in walled gardens – is more contentious because it runs counter to the model pursued by Google, which allows third-party sites in addition to its own Market.

The report stops short of analysing each of the major smartphone app stores against its security criteria, or even suggesting that any of them might be deficient, but the current relative weakness of Android against these criteria is clear.

“Different smartphone platforms and different app stores currently address malware and insecure apps differently, which for consumers can be confusing,” the authors note. “Without overlooking the differences between the various smartphones models and appstores, we recommend an industry-wide approach to addressing malware and insecure apps.”

Many of Google’s publicised security problems have originated with third-party download sites and to some extent poor app vetting, which stem from its more open model. In July, an analysis by the CEO of security company Trusteer, Mickey Boodaei, criticised Google for its confused system for reporting rogue apps and poor response times when reports are made by security companies.

The Agency suggests that the industry come up with a cross-platform reputation system that works across app stores but this seems unlikely to come to pass. Apple’s heavily vetted App Store is seen by that company as a major competitive advantage; making life more secure for its rivals is hardly going to be a big priority.

The Agency’s argument for a combined system is that, in the long run, individual reputation systems, even walled gardens such as Apple’s could be vulnerable to attacks that seek to circumvent their security procedures.

The report’s biggest conclusion is that app stores vary considerably from vendor to vendor in terms of security, subtly differences that might not be obvious to end users in the absence of widespread attacks.

As the report points out, major attacks against smartphones are still the exception and “pales in comparison with PCs,” but that draws attention to the potential for the mobile age to plug the security mistakes of the past.

With the PCs, the primary point of attack was on the device itself whereas in the mobile world what happens on the device is controlled to a large extent by the platform provider and the architecture of the app store. The app store is in the front line of any security battle in a way no vendor website could have been.


Smartphone app stores should standardise security, EU Agency says - Techworld.com
Glaswegian is offline  
Sponsored Links
Advertisement
 
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
3TB HDD won't format
I recently bought a 3TB 5400RPM hard drive and placed it in an enclosure. I orginially had connected it to my PC via USB 2.0 and formatted the entire drive and everything seemed to be in working order. After that I decided to connect the drive via eSATA because of the speed increase. When...
UhOhOhNo Hard Drive Support 8 09-13-2011 08:22 PM
XP Internet Security 2012 Firewall Alert
Hello. Two days ago I got the virus XP Internet Security 2012 Firewall Alert. It does not let me open any file/folder/browser. When I try to google how to remove it, it redirects me to different websites. Please ...
lilbrat0326 Resolved HJT Threads 15 07-03-2011 06:49 PM
Can someone help me see what's up?
I'm a real computer noob I don't know exactly what's going on but ill try to describe it, mostly I'm concerned about a keylogger though. The other problems are every now and then on Google I'll click a link and I'll get sent to some random website, sometimes outta nowhere a new tab will open up to...
soboman Virus/Trojan/Spyware Help 13 05-13-2011 02:20 PM
Aggravating Google Redirect Virus on Wife's Computer
my wife's laptop suddenly is getting the redirect on google searches. i know this is one of your common problems to fix. i had the same problem on my computer about a year ago and your help was the only way i got rid of it on my computer. this computer runs updated version of webroot securities....
scott1nc Inactive Malware Help Topics 36 04-20-2011 04:27 AM
After closing previous thread my problems continue
Hi there. After lots of great help from CatByte all the memory I had lost was returned and it looked like my problems were solved. However I've noticed that the memory I got back has been going down at the same rate as before (see link to thread below). It also takes a long time to shut down with...
Oberjeen Resolved HJT Threads 7 03-19-2011 03:48 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 01:09 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts