Today’s smart phones have all the speed, storage, and network connectivity of desktop computers from a few years ago. Because of this, they’re a treasure trove of personal information–and likely the next battleground for computer security.
What makes smart phones attractive–the ability to customize them by downloading applications–is what makes them dangerous. Apps make the mobile phone a real computer, and Apple’s App Store has been a key factor in the phone’s success. But apps also make smart phones a target for cyber criminals.
Apple knows that it wouldn’t take more than a few malicious apps to tarnish the iPhone’s reputation. That’s why the App Store is a walled community. The only apps that get listed are those that have been approved by Apple. To get approved, developers must create a developer account and pay an annual fee. A team at Apple evaluates and approves each version of each application that is made available. Apple reportedly turns down roughly 10 percent of applications submitted to the App Store because they would steal personal data, they contain “inappropriate content,” or are designed to help a user break the law.
Google has taken a fundamentally different approach to ensuring the security of smart phones running Android. Like Apple, Android also has a store, called the Android Marketplace, from which users can download applications. But unlike Apple, any application can be uploaded to the Android Marketplace–Google doesn’t evaluate them first. What protects Android users from malicious applications is a security model based on “capabilities.” Continue reading.