New smartphones have impressed consumers, but the iPhone, Android and Palm Pre still lack business features
Companies that wish to standardise their mobile fleet on a specific version to ease ongoing support may find the upgrade process hard to control. Certainly, these updates could come fast and furious, as Palm has not been shy about new releases, unleashing three point upgrades in the first month the platform was shipping on the Pre.
According to Patrik Runald, chief security adviser for anti-malware vendor F-Secure, the threat landscape for mobile devices is not particularly active, and whatever action there is concentrates on Symbian and Windows Mobile rather than upstart mobile operating systems such as WebOS.
Indeed, Runald said his company has found that, at this time, corporate customers are much more interested in pursuing on-device encryption and policy enforcement than in implementing anti-malware protections.
If that’s the case, the current lack of available on-device anti-malware solutions for iPhone OS, Android and WebOS may not be an issue. Even the PCI DSS (Payment Card Industry Data Security Standard) 1.2 doesn’t address these platforms, as the specification calls for anti-malware protections only on systems known to be commonly attacked.
However, if the need for such security does arise down the road, the iPhone could present a problem. Given that the iPhone SDK does not allow third-party developers to create background applications, an on-device anti-malware platform is not currently possible.
To hammer home this point, Runald demonstrated a spying application for the iPhone called FlexiSpy that monitors and intercepts call logs, text messages and GPS location logs. FlexiSpy requires the iPhone be jailbroken to start installation, but the software comes with complete instructions on how to perform the jailbreak, along with tips to hide evidence of both the application and the jailbreak. Since security vendors aren’t going to develop for a jailbroken operating system, the potential exists for threats without resolution that could be used to steal communications or other data.As a full-fledged operating system, the iPhone has time and again proved to be full of security vulnerabilities — many of which take Apple months to fix — so the potential exists for badware to find its way onto the device without any recourse for centralised detection or cleaning.