EU cybersecurity agency publishes report on app store security

Popular app stores such as Google Android Market and Apple App Store are used to deliver hundreds of thousands of software applications to mobile devices, but are increasingly attracting the attention of cybercriminals.

Research by security firm G Data shows that malware for smartphones and tablets is up 273% in the first half of 2011, compared with the same period in 2010.

Authors of the ENISA report, Marnix Dekker and Giles Hogben, say that using malicious apps attackers can easily tap into the vast amount of private data processed on smartphones.

They say this data includes confidential business e-mails, location data, phone calls and SMS, but smartphone users are hardly aware of the threat.

The report identifies five lines of defense that must be in place to secure app stores from malware. These are: application review, reputation, kill-switches, device security and jails.

"This report provides a very practical and technical analysis of malware threats for app stores in less than 20 pages," said Raoul Chiesa, an Italian ethical hacker and cybersecurity expert.

ENISA has made an excellent choice of security techniques, he said, and the recommendations are ready to use.

While recognizing the differences between the various smartphone models and app stores, ENISA recommends an industry-wide approach to addressing insecure and malicious apps.

"This paper is a blueprint for how to maintain this head-start and address security across app stores," said Udo Helmbrecht, executive director of ENISA.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?