The smartphone-application market could reach 15 billion dollars by 2013. Apple’s App Store has over 250,000 applications with a cumulative-download total exceeding five billion. So it’s no surprise that cybercrime has begun to target this emerging field.

How the app stores work

When it comes to apps, Apple led the way. Blackberry, Google, and Microsoft jumped into the fray soon thereafter. Apple and Google have garnered the lion’s share of the market, and here’s how they operate:

The problem

At this year’s Mobile World Congress, Eugene Kaspersky, CEO of Kaspersky Labs was quoted as saying:
“This year and next year we expect to see the industrialization of smartphone malware.”

The FBI is also concerned. Spencer Ante of the Wall Street Journal quotes Gordon Snow, assistant director of the Federal Bureau of Investigation’s Cyber Division:

“Mobile phones are a huge source of vulnerability. We are definitely seeing an increase in criminal activity.”

Mr. Ante then paraphrases the rest of his conversation with the assistant director:

“The FBI’s Cyber Division recently began working on a number of cases based on tips about malicious programs in app stores. The cases involve apps designed to compromise banking on cell phones, as well as mobile “malware” used for espionage by foreign nations. To protect its own operations, the FBI bars its employees from downloading apps on FBI-issued smartphones.”

Experts have a good idea as to how this will happen. All the pieces are in place: immense traffic to the app-store sites, a great software delivery system, and no simple way to tell if an application is malicious or not. On top of that, with the number of applications being written and submitted every day, how is it possible to check every line of code? Cybercriminals have to be smiling.

Apple’s solution

Most developers dislike the tight control Apple has over the App Store. But, that control is in the iPhone user’s favor when it comes to vetting app software. According to CEO Steve Jobs, Apple checks each piece of software for the following:
* The app must work as advertised.
* The app cannot crash the iPhone.
* The app cannot use private application programming interfaces.

Google’s approach

Google does not vet applications submitted to their Android Marketplace. Google has specific rules, but relies on users to point out bad software. Google’s policy is as follows:
* Google will remotely disable apps found to be malicious.
* Google requires developers to register with Checkout.
* Google requires developers to declare what their application will need to interact with the phone.

What can we do?

If you pay attention to tech media, you know that neither Apple nor Google is impervious to malicious applications in their stores. Since that’s the case, here’s what we at Responza recommend to avoid downloading smartphone malware:
* Positive reviews: Examine reviews to ensure the application is from a reputable developer. There are web sites that test software for all smartphones. That’s a good place to start.
* Negative news: Due to the nebulous nature of smartphone app development, any negative information should be taken seriously, especially ones dealing with your finances.
* Healthy skepticism: The way app stores work should encourage a lack of trust on the user’s part.

The signs are here. Yet another useful and amazing technology is about to get used for evil. Thankfully, you have Responza on your side to prevent, diagnose, and eliminate new threats as they arise. If you think your smartphone has been compromised by a crooked app, call us right away.