Beware of Unsigned Apps that steal Personal Data.

In today’s smart-phone market, we are exposed a lot of Apps. Good Apps and some bad Apps as well. Some Apps claim to have ability to consolidate your data in its entirety into one easily accessible database, while others will even claim to do your laundry… or something thereabout.

Truth is, every 3rd party vendor will promote their App to look like it can do a whole host of functions and most of the time, and they actually do deliver.

But beware of the cons.

With the current influx of user applications in the smart-phone market, knowing what is a genuine App and what is not is really a challenge. Don’t we all wish we could see an App’s authenticity before download-and-install?

Now there is a way. Mbugua Njihia of Symbiotic Media Consortium in a recent Mobile App discussion claims it is important to have Apps with a digital signage. As much as we want this, it is impossible. Software makers in the phone market are increasingly giving their ‘developer’ forums the rights to manufacture Apps and take them to market. A good example is Nokia. Though the Nokia App Wizard, anyone whose website has an RSS feed can have an App on the OVI Store. All Apps put up by this process have to undergo a rigorous testing process before they can go on the shelf thus ensuring they are fit for market consumption. This is articulate in decreasing the cases of fraudulent activity on the Nokia series mobile phones.

What about the rest though? Apple does it too, so iPhone lovers are safe. Samsung have the Bada, which I would like to assume also has a good security program before Apps are posted.

Most of these are closed group vendors. You have to register with them and they are somewhat exclusive. Taking focus on the more open-source architectures, we see a lot of danger.

There was recently an annoying application running on Android the supposedly “Masquerades as a free version of a legitimate app steals data and sends spam text messages and a warning that chastise the user for trying to get around paying for the actual app.” Symantec reported on their website on 30th march 2011.

An excerpt from the cnet website reads, “Once the fake software–which Symantec has dubbed “Android.Walkinwat”–is downloaded and running, it displays a dialog box that indicates that the app is in the process of being compromised or cracked, ostensibly to scare the person who thinks they’re getting the legitimate app for free. Behind the scenes, the software is gathering sensitive data–including username, phone number, and unique device identifier–and trying to send it to an external server.” Symantec says.”.

The website continued that The app also sends out a text message (rife with misspellings and errors) to all the numbers listed in the user’s contact list: “Hey, just downloaded a pirated App off the Internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck.Don’t steal like I did!”

The app also displays a message that says “Application Not Licensed” and warns: “We really hope you learned something from this. Check your phone bill;) Oh and don’t forget to buy the App from the Market.” It includes buttons for buying the app or exiting.”

This goes to show that we are still a bit fresh in terms of the Application buying and when in doubt professional advice is imperative before downloading cheap and suspect software onto our beloved devices.

%d bloggers like this: