27 September 2016
Find out more

Security firm bids to map mobile app security flaws

30 July 2010  |  6233 views  |  0 Fingers on smartphone keypad

Smartphone security outfit Lookout has unveiled an 'App Genome Project', mapping mobile applications in order to identify potential threats.

The issue of application security was highlighted earlier this week when Citi admitted a flaw in its iPhone app resulted in it improperly storing customer account information.

Unveiling its project at the Black Hat security conference this week, Lookout says it has so far scanned nearly 300,000 and fully mapped almost 100,000 applications for the iPhone and Google Android platforms.

The research shows Android apps are generally less likely than those for the iPhone to be capable of accessing a person's contact list or retrieving their location.

The App Genome Project also found that a large proportion of applications contain third party code with the capability to interact with sensitive data in a way that may not be apparent to users or developers. Nearly half - 47% - of free Android applications included this third party code, compared to just 23% for the iPhone.

Lookout says it has found a series of wallpaper applications in the Android Market that are gathering seemingly unnecessary data and transmitting it to a server over an unencrypted network connection.

However, in a blog, Kevin MaHaffey, CTO, Lookout, stresses that "while this sort of data collection from a wallpaper application is certainly suspicious, there's no evidence of malicious behaviour".

John Hering, CEO, Lookout, says: "The App Genome Project is an important step in securing our mobile phones against threats. With a real time database, we can quickly identify threats in the wild and swiftly move to protect consumers. Early results point to the need for developers to be more aggressive about protecting consumers' personal information, including what information is accessed, what is sent off the phone and how it is stored."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Citi admits iPhone app security flaw

Citi admits iPhone app security flaw

27 July 2010  |  10441 views  |  0 comments
Banks must wake up to mobile virus threat - Ovum

Banks must wake up to mobile virus threat - Ovum

06 July 2010  |  13425 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
Visit www.smartstream-stp.comFind out moreVisit i2cinc.com

Who is commenting?

A Finextra member Finextra Member Commented on: PSD2 - opportunities,...
A Finextra member Finextra Member Commented on: R3 banks use Intel dis...

Top topics

Most viewed Most shared
RBS tests demonstrate ability of Ethereum to support a national domestic payments systemRBS tests demonstrate ability of Ethereum...
13836 views comments | 54 tweets | 47 linkedin
Swift beware: Ripple signs banks to global payments steering groupSwift beware: Ripple signs banks to global...
8655 views comments | 32 tweets | 17 linkedin
Banks clubbing together to tackle KYCBanks clubbing together to tackle KYC
7148 views comments | 3 tweets | 8 linkedin
FCA to kickstart sandbox with 24 applicantsFCA to kickstart sandbox with 24 applicant...
7144 views comments | 33 tweets | 15 linkedin
Brexit offers exciting opportunities for growthBrexit offers exciting opportunities for g...
7045 views comments | 4 tweets | 3 linkedin

Featured job

Find your next job