Ann Arbor Area Business Monthly
Small Business and the Internet
By Mike Gould
I got a call from a concerned client yesterday, asking if he needed to buy anti-virus software for his iPhone. A good question (thanks, Sid!) and a reminder that we live in a bad neighborhood, Internet-wise, and that precautions are better than post-traumas when it comes to security.
The short answer is no; unless you have jailbroken your phone, the only way you can install a malware-laden application (or any app, for that matter) is through the Apple iTunes store, and Apple is very, very, extremely paranoidically careful about what it vets as software for the iPhone. If you use an Android smartphone, it’s a different story; more about this below.
The Apple iPhone ecology is a closed system. You buy your iPhone, signup with your service provider (AT&T or whoever), pay your monthly fees and you are beloved in the sight of Apple, who will anoint your garden with the bounties of righteousness in the form of golden app(les) or somesuch tortured metaphor. And it’s pretty easy and it pretty much works and amen. But…
There are those who traffic not in the paths of upstandingness and, ignoring the writ of Apple, tamper with the soft innards of their iPhones and free them from the shackles their creator hath decreed, allowing them to download apps willy-nilly from sources far from the Apple orchard. This is called Jailbreaking. You mess with that, you can get smited by the curse of Bad Things happening to your data, online ID, and life in general.
You can also download some pretty cool and useful apps, but I didn’t just say that and please don’t and the long distance operator will disavow any knowledge of this article in the case of discovery. In less florid language, as long as you don’t go breaking things, your chance of getting a virus on your iPhone is slim to none.
Which isn’t to say that the situation won’t change; there have been some attempts to undermine the sanctity of the Safari browser used in iPhones, and some proofs of concept have occurred, but by and large, no biggie. And as such exploits are discovered, Apple feverishly comes up with patches, which they provide to those who update their iPhones.
Note that it is still possible to spread a virus with a phone; if you receive an email attachment that is an infected document, and you forward it on to someone else, they are in for a surprise. But so far, there are no known instances of things in the wild that will get into your little rectangular buddy and cause Bad Things. Yet.
The Other Side of the Fence
Some of the other players in the smartphone arena are the Android, BlackBerry and the Windows Phone. There have been sporadic attempts to hack BlackBerries (the ZueS Trojan back in 2011), and as for the Windows phone, well, Microsoft modeled their app store after the Apple model and they rigorously inspect all apps in stock there.
But the real problem is the open Android system. Here the garden gate was left open and various snakes have slithered in. A recent article by Kaspersky Labs summed it up:According to the recently published Kaspersky Security Bulletin 2012, 99% of newly discovered mobile malicious programs target the Android platform… In 2012 Kaspersky Lab identified an average of 6300 new mobile malware samples every month. Overall, in 2012 the number of known malicious samples for Android increased more than eight times.
Note that this is mainly because Android leads the industry in the number of phones sold. Currently market share is around 52% , according to BGR.com on March 6, 2013. Therefore it is the biggest target and, as it is relatively unfettered by the controls imposed by Apple and Microsoft, a pretty soft target at that.
Do Androids Dream of Electric Theft?
According to Kaspersky, Android malware can be divided up into 3 groups: SMS Trojans, which send SMS texts to expensive premium-rate numbers, Backdoors, which provide access to private data and the ability to install other malware, and Spyware, which gathers up address books, passwords, and other personal data (sometimes including photos).
So what is a concerned Android user to do? Well, Kaspersky just happens to sell some anti-virus software that will do the trick. And as a quick glance at the Google Play app store reveals (search on Android Security), there are a lot of other apps out there for this. If I was an Androider, I would install one of these toot sweet. For that matter, the Windows Phone store also has a lot of security apps; do check these out if you use a wPhone.
Don’t Be a Victim
So how do you avoid picking up smartphone malware? Pretty much the same advice you will see for laptop or desktop computer security:
- Don’t download things from iffy websites.
- For that matter, don’t visit iffy websites.
- What makes a site iffy? That’s a toughie – it’s mostly about developing a “street smarts” sense. Be dubious, look stuff up, don’t click on ads, that sort of thing.
- Don’t open attachments on your phone; wait until you get home to your anti-virus-installed main computer.
- As most of this malware is driven by the WWW, keep your web surfing to a minimum while using a smartphone. Hey - who wants to click teeny-tiny buttons on a small screen when you can go home and have at it with a mouse and monitor?
- Unless absolutely necessary, avoid doing financial transactions on your phone. I know this kinda defeats the purpose of these little marvels, but until the Marshall arrives and cleans up the wild west that is the current Internet, a little restraint can go a long way towards making your smartphoning more secure.
Kaspersky Android report:
BGR market report:
Mike Gould thinks his iPhone is way more secure than his computer, was a mouse wrangler for the U of M for 20 years, runs the MondoDyne Web Works/Macintosh Training/Digital Photography mega-mall, builds laser display devices, performs with the Illuminatus 2.2 Lightshow, and welcomes comments addressed to firstname.lastname@example.org.