Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Mobile application assurance

No doubt the explosion in smartphones and tablet devices has enlivened the global marketplace and brought convenience and connectivity to consumers. However, while many benevolent mobile applications do what they're supposed to – Apple and Android distributed close to 20 billion downloads in 2011, according to industry estimates – countless others carry malware.

Angelos Stavrou, an assistant professor in the computer science department at George Mason University in Fairfax, Va., working with Jeffrey Voas of the National Institute of Standards and Technology, is creating a capability for apps to be vetted and, in the not too distant future, for the public to gain access to reports that will allow them to gauge an application's trustworthiness.

At the moment, a portal available only to the military, FBI, Department of Justice and civilian agencies rates mobile apps in terms of code functionality and reliability. The intention is to eventually make the research available to a much wider audience.

“Consumers want to move to tablets and smartphones, but this new market is not as secure as it is for laptops,” said Stavrou. “Many of the mobile applications have not gone through the process of being approved for use.”

The question becomes: What is a good application? Metrics are needed, Stavrou said. “Most software for computers comes from companies users can trust,” he said. However, in the burgeoning mobile market, there are offerings that may have been rated highly, but may prove unreliable. Also, developers in the mobile market sometimes take legitimate code, add some of their own, and repost it as their own product, he said.

“What we try to do is scour the web, identify all the mobile apps posted online, and create a report of what the app really does,” Stavrou said.

What he's discovered is that most of the developers in the marketplace are young and don't care about reliability. They care about bringing functionality to the user, but at the same time they open the door for code functionalities to be abused by others.

“We want to bring a rational evaluation of the functionality, quality and the reliability of that code to the end-user, and explain why an app might not be good,” Stavrou said.

The positive news is that it is a solid market that will inevitably sort itself out, he said. “Faulty apps will fade away and be replaced by more serious apps, and people will pay more attention to reliable coding.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.