Linked by David Adams on Fri 12th Sep 2008 16:39 UTC, submitted by Dannys
Privacy, Security, Encryption

The opening up of the mobile industry is great news for application developers but not so good for IT security professionals, according to experts. For example, Symbian, the single most widely used mobile software platform, has already wrestled with the dangers of openness to third-party developers, said Khoi Nguyen, group product manager in mobile security at Symantec. Symbian 7 and 8 were fairly open and allowed almost any application to be installed and run. This led to a few hundred viruses being introduced within a couple of years, so Symbian 9 was locked down significantly, he said.
RE: security through obscurity
by Timmmm on Fri 12th Sep 2008 17:43 UTC in reply to "security through obscurity"

They aren't talking about security through obscurity. They're talking about how much the phone trusts applications. From the sounds of it Symbian is "Insanely too much" and MIDP is "So little you can hardly do anything". The article even says old versions of Symbian allowed silent sending of text messages and use of the phone's mic! What idiot allowed that? In contrast MIDP will ask your permission for each file access and there is no way to disable this behaviour.

Clearly there is a sensible middle ground that no-one is taking. Apps shouldn't require expensive signing, and APIs should be smart about what they allow. For example, for sending texts there should be the options:

* Always deny
* Always allow
* Ask permission
* Ask permission for numbers not in my address book

I seriously doubt many (any?) of those viruses were really viruses. They were probably of the 'Please press OK to send this to everyone in your address book' type.

Score: 10
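
The four-option policy for sending texts proposed in the comment above, sketched as an added example that is not part of the original post or of any Symbian or MIDP API. The names `SmsPolicy`, `normalize` and `may_send_sms`, the `ask_user` callback standing in for the platform's consent prompt, the default country code and the sample numbers are all assumptions made for illustration.

```python
import re
from enum import Enum

class SmsPolicy(Enum):  # hypothetical names for the four options
    ALWAYS_DENY = "deny"
    ALWAYS_ALLOW = "allow"
    ASK = "ask"
    ASK_IF_UNKNOWN = "ask_if_unknown"

def normalize(number, country_code="+44"):
    """Canonicalise a dialled number so that formatting differences cannot
    make a known contact look unknown, or an unknown one look known.
    Returns None when the string is not a plain phone number."""
    digits = re.sub(r"[\s\-().]", "", number)
    if digits.startswith("00"):        # international prefix -> "+"
        digits = "+" + digits[2:]
    elif digits.startswith("0"):       # national format -> assumed country
        digits = country_code + digits[1:]
    return digits if re.fullmatch(r"\+\d{6,15}", digits) else None

def may_send_sms(policy, dest, address_book, ask_user):
    """Return True if the application may send a text to dest.
    ask_user(dest) -> bool is the consent prompt (an assumption)."""
    if policy is SmsPolicy.ALWAYS_DENY:
        return False
    if policy is SmsPolicy.ALWAYS_ALLOW:
        return True
    if policy is SmsPolicy.ASK:
        return bool(ask_user(dest))
    if policy is SmsPolicy.ASK_IF_UNKNOWN:
        known = {normalize(n) for n in address_book} - {None}
        if normalize(dest) in known:   # unparseable dest is never "known"
            return True
        return bool(ask_user(dest))
    return False                       # unrecognised policy: fail closed

if __name__ == "__main__":
    book = ["07700 900123", "+44 7700 900456"]   # constructed sample contacts
    deny = lambda dest: False                    # user always declines
    for dest in ["+447700900123", "0044 7700-900456", "+1 202 555 0100"]:
        print(dest, may_send_sms(SmsPolicy.ASK_IF_UNKNOWN, dest, book, deny))
```

Comparing normalised numbers is what keeps the fourth option meaningful: a contact stored in national format still matches the same number dialled in international format, and anything that does not parse falls through to the prompt.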