The smartphone market has never been so competitive. Since the iPhone reinvented the idea of what a smartphone could be in 2007, the choices available to the consumer have never been wider or more sophisticated.
Rivals like Samsung, HTC, Microsoft and Google have caught up with Apple and are releasing ever more sophisticated and good-looking handsets. Even the, supposedly on its knees Canadian manufacturer, BlackBerry, is coming back into the game with its new Z10 all-touch handset.
Such choice has had an effect. According to analysts Comscore, more than half of all mobile phone users in Europe’s five biggest markets now possess a smartphone.
Its statistics showed that 54.6% of mobile users in France, Germany, Italy, Spain and the UK used smart phones like Apple’s iPhone or alternatives powered by Google’s Android.
Along with the parallel growth in the ownership of touch tablets and other smart devices the techno-social shift into what Steve Jobs described as the post-PC era is firmly established.
The percentage of smartphone users is likely to increase, not just in Europe but also across the globe annually – with emerging nations the next most eager adopters. Africa is often described as a continent that missed the PC era entirely and went straight to embracing the mobile paradigm, where it has taken the place of poor telecoms infrastructures and drives local economies.
All of which is great news, especially for handset manufacturers, application developers and mobile networks eager to sell us data intensive phone contracts
There is though a darker side to this new smartphone paradise and that is, of course, security threats. Criminal hackers constantly look at ways of getting into our personal data and if we are shifting away from PCs as our point of access to the Internet as well as processing and storing data, then the hackers will shift with us. Experts have predicted that attacks against smartphones will rise exponentially in the next few years.
According to McAfee’s 2013 Threat Prediction report, “Cyber criminals and hacktivists will strengthen and evolve the techniques and tools they use to assault our privacy, bank accounts and mobile devices, businesses, organizations and homes.” It also reported that attacks on smart phones have increased six fold.
Meanwhile, Finnish security firm F-Secure reports that the number of malware attacks directed at mobile Android devices quadrupled from the first quarter of 2011 to the same quarter in 2012. CNN reported that Lookout Security, a security firm, reckons that four in ten smartphone users will click on links that may infect the handset with malware or lead to other suspicious web sites.
Before smartphones and tablets became so prominent, mobile security was something of an afterthought for many security vendors, something to make a few extra bucks perhaps but nothing compared to the real meat of selling anti-malware to PC users. In the corporate world, the likes of BlackBerry and the (old) Windows phone did a pretty good job of protecting business users and integrating themselves into locked down business networks. But with consumerisation and Bring Your Own Device (BYOD), everything has changed.
It follows that hackers, however sophisticated, mostly look for vulnerabilities they can exploit to gain access to places they shouldn’t. And it is the same in the mobile world.
Watch how easy it is to do here:
And one mobile operating system is more vulnerable than its rivals: Android. Since Google launched its open source platform in 2007 as a rival to Apple’s iOS, it has become the world’s dominant smartphone operating system – mostly because Google was happy to license it to any phone manufacturer that wanted it.
Being an open source operating system the other attraction for manufacturers was the ability to modify the look and feel of Android on their handsets.
This is very different from iOS; completely closed and exclusive to Apple designed and manufactured devices. Microsoft has copied this approach with Windows Phone 7 & onwards and also strictly controls the firmware and software standards that OEMs must adhere to. Like iOS, all Windows phones operate identically – the only difference is in camera specs or handset design.
On Android, differences in OS iteration can result in vulnerabilities that Google has little control over despite Google’s official guidelines to OEMs:
“ Android was designed with device users in mind. Users are provided visibility into how applications work, and control over those applications. This design includes the expectation that attackers would attempt to perform common attacks, such as social engineering attacks to convince device users to install malware, and attacks on third-party applications on Android. Android was designed to both reduce the probability of these attacks and greatly limit the impact of the attack in the event it was successful.”
It may well have been but developers and handset manufactures often have other motives. Meanwhile the Google Play app store is a bit like the Wild West when it comes to security. Unlike Apple and Microsoft’s equivalents, anybody can upload any app on there – literally unchecked.
Another security vendor, Massachusetts based Bit9, says there is a one in four chance that downloading an Android app from the official Google Play market could put you at risk. The company analysed 400,000 apps in Google Play, and found over 100,000 it considered to be suspicious.
Meanwhile, Charlie Kindel, a former Microsoft employee, who may obviously have some latent loyalty to his old employer, believes that Google has “lost control” of Android.
In a blog post reported in The Guardian he wrote, “Google has lost control of Android due to fragmentation. You’ll note that I intentionally separate Android from Google. Repeat after me: Android is not Google and Google is not Android. Android has become something that is independent of Google (or anyone else, for that matter)”.
Despite Kindel’s loyalties, what he says lies at the heart of the problem for Google and Android – it created a monster and now like Dr. Frankenstein, it is now looking at ways to kill it – at least in its current form.
What Google, as it seeks to become a top tier hardware vendor wants above all is a secure mobile OS – or at least as secure as iOS and Windows Phone.
How can it do this? It has started by releasing its own Nexus brand of phones and tablets for which it provides a “pure” version of Android – but they are still vulnerable to the vagaries of the Google Play app store.
So the future is likely to be much more radical. The company recently appointed one of its brightest stars,Sundar Pichai, as head of Chrome OS, Chrome browser and, crucially, Android development.
Chrome OS is gaining traction and unlike Android is wholly secure, as are the apps that run on it. The future for Google Android could be a merger into Chrome OS.
Google could then take complete control of OEM, release a locked down version of the new merged OS and with it total control over the apps that run on it.
Given that the smartphone era looks like it has decades to run yet, the eventual winners must embed security into devices along with the features that grab headlines in the techosphere. Google knows that if it is to be a winner in the mobile hardware business, it needs to tame Android, take back control and prove it secure.
About the Author:
Paul Fisher has worked in the technology media and communications business for the last 22 years. In that time he has worked for some of the world’s best technology media companies, including Dennis Publishing, IDG and VNU.
He edited two of the biggest-selling PC magazines during the PC boom of the 1990s; Personal Computer World and PC Advisor. He has also acted as a communications adviser to IBM in Paris and was the Editor-in-chief of DirectGov.co.uk (now Gov.uk) and technology editor at AOL UK.
In 2006 he became the editor of SC Magazine in the UK and successfully repositioned its focus on information security as a business enabler. In June 2012 he founded pfanda as a dedicated marketing agency for the information security industry – with a focus on content creation, customer relationship management and social media.
His heroes include David Ogilvy, Ludwig Mies van der Rohe, Ken Garland, William Bernbach, Andy Warhol, Richard Branson, Charles & Ray Eames, Steve Jobs and Paul Rand. And George Best. He comes from Watford but he thinks he comes from Manchester. If you came from Watford, you would too.
As an impulsive adopter of new technologies and an inability to stick to one ecosystem, he can be spotted around London’s finest WiFi hotspots variously sporting a Chromebook Pixel, an old Blackberry, Nexus 7 and a Nokia 920. He also has a Mac and an Xbox at home.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.