The mobile world is abuzz by a recent article in
The Guardian that the US National Security Agency and the UK GCHQ can target “leaky” apps that transmit private information. Of course, Angry Birds was used as an example, and that hits home to a lot of people. The Guardian does a nice job with the report; we suggest you check it out, no need for us to rehash it here (link at bottom of article).
My take is that developers should be spooked, not just because of the NSA, but on the growing amount of press out there on the vulnerability of data. News of the recent credit card breaches at Target and other companies, Apple paying fines for improper data collection, and the like will just make people less willing to download and access apps that collect user information.
Arxan conducted research into the top 100 paid Android and iOS applications as well as the top free apps on both operating systems, and found that there is widespread and unfettered hacking of mobile applications on both iOS and Android. 100% of the top paid Android applications and 73% of free apps had been subjected to some form of hacking, with 56% of paid iOS applications also having been compromised.
“It certainly doesn’t come as much of a surprise that government agencies are developing capabilities to collect personally identifiable information from ‘leaky’ mobile applications. In 2013 consumers downloaded over 83 billion applications worldwide, and the amount of data that each app collects from a users’ phone such as names, makes and model, location information, is quite startling. The problem, in this case, is not so much what data the applications are collecting, but the protections in place to keep that data secure.' - Kevin Morgan, Chief Technology Officer at Arxan Technologies.
What this demonstrates is that many application developers and owners are simply not putting enough protections in place to secure their apps, which leaves users’ data vulnerable to compromise by anyone with the technical know how to get it. Users’ need to be aware that applications are often designed with functionality in mind and not security and therefore need to be wary of the information they provide to an app. App developers and owners need to be incorporating security into the app from the outset with the aim of ensuring that protecting data held within the app remains one of the top priorities throughout development.”
And Mikael Hed, CEO of Rovio Entertainment has fired back today with this comment on the Rovio news page, “Our fans’ trust is the most important thing for us and we take privacy extremely seriously. We do not collaborate, collude, or share data with spy agencies anywhere in the world. As the alleged surveillance might be happening through third party advertising networks, the most important conversation to be had is how to ensure user privacy is protected while preventing the negative impact on the whole advertising industry and the countless mobile apps that rely on ad networks. In order to protect our end users, we will, like all other companies using third party advertising networks, have to re-evaluate working with these networks if they are being used for spying purposes.”
Now with Angry Birds statement, ad networks are going to have scramble to prove their innocence, and the truth is, they probably couldn’t stop the NSA from sniffing around if it really wanted to.
And like the Target data breach, it’s all going to fade into view. Luckily the US Super Bowl is this weekend and will dominate the news. But for all of the ancillary players who may are may not be affected, its not going to be a fun few days.
For more information on the news, click on the link below.