Category: Mobile Security

Report: App Store Lost $450 Million To Piracy

Software piracy has long been a problem, and nowhere is it more apparent than in the mobile app ecosystem that’s growing larger every day.  A new report published by 24/7 Wall St. has estimated that Apple’s App Store alone has lost $450 million to piracy since its inception a few short years ago.

While some are questioning the methods used to arrive at such a high figure, the problem of mobile app piracy is apparent nonetheless.  Justifying its figures, 24/7 Wall St. estimates that 17 percent of the 3 billion apps downloaded from the App Store were paid apps, or roughly 510 million.  They then multiply that by three and assume that 1.53 billion apps have been pirated.

Multiplying that figure by $3, which is the average price of a paid app, equates to $4.59 billion.  Assuming that 10 percent of app pirates would have actually purchased the app in question, that’s how they arrived at the $459 million in lost revenue estimate.  Whether you agree with their reasoning or not, the numbers are impressive.

Reports like this raise the question of what the best way to monetize mobile apps is in the first place: in-app advertising or the traditional one-time cost model.  Utilizing a one-time cost structure makes you as a developer vulnerable to piracy and the subsequent loss of revenue it brings, but maintaining an in-app monetization model via relevant advertising takes most, if not all, of the risk away.  As the problem of piracy grows larger, we’ll undoubtedly see a shift to in-app advertising, which has always seemed to make more sense in the first place.

Mobile Phones To Come Under Attack in 2010?

2010 could be the year of the mobile phone hack attack. That’s according to Roel Schouwenberg, a senior malware researcher at Kaspersky Lab Americas. Schouwenberg is making the media rounds this final week of 2009 to present his theory that Google Wave, the iPhone and Android could sustain heavy cyber attacks throughout 2010.

Although Schouwenberg stopped short of blaming unethical mobile marketers for opening the flood gates for some of the issues he raises, Schouwenberg makes it clear that there’s plenty of blame to go around for the vulnerabilities that could be exploited next year.

“The first malicious programs for these mobile platforms appeared in 2009,” says Schouwenberg, “a sure sign that they have aroused the interest of cybercriminals.”

Schouwenberg believes that Google Wave could very well experience the bulk of attention from cyber criminals who will serve up attacks that follow a somewhat predictable pattern: “First, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.”

Although software security has become a multi-billion industry, there are more malicious threats facing PCs and mobile devices now than ever. And, regrettably, if Roel Schouwenberg’s predictions ring true in the new year, 2010 will bring with it many attempted security threats – no shortage of which could prove successful in causing the chaos they seek to engender.

Cisco Unveils New iPhone Security App

With the amount of potentially dangerous spam and other bogus mobile content threatening our digital way of life, it sure helps to have an extra pair of eyes to watch out for the dangers that lurk around the corner.

Fortunately, Cisco has acted on this need and introduced a new (and free) iPhone app chronicling the latest security threats to computers and mobile devices by offering alerts from Cisco’s enormous internet traffic and security experts (better than 500 in all) monitoring the cyber dangers that loom large, occasionally unbeknown to us.

“SIO To Go” enables you to monitor a host of security news feeds, the most important of which is Cisco’s Risk Report. Tossed into the mix are podcasts, Twitter feeds, and an array of blogs. From the looks of it, Cisco’s app does, indeed, serve up a lot of “unique information” collected from Cisco’s monitoring of more than 60% of the world’s e-mail.

All in, the cross-referencing of data from multiple sources enables Cisco’s app to present a “threat correlation” based on known and identified Internet attacks via spam or other nefarious mechanisms. The ability to enter an IP address or domain name to check the site’s e-mail or web reputation score is a killer feature arguably practical for anyone accessing the internet.

Among the other simple, but much appreciated functions are the ability to review volume statistics, obtain data from Whois, and review terse summaries of a website’s reputation. A valuable tool for IT professionals, mobile marketers, and virtually everyone in between, “SIO to Go” is available for download beginning today.

Mobile Industry Still Trying To Figure Out SMS Spam

The problem has been around forever, yet the mobile industry is still fighting for a solution to SMS spam.  As such a quickly growing problem, the FCC and several mobile-specific organizations are still trying to define what is and what isn’t considered mobile SPAM- a process that’s easier said than done.

Mobile spam can be sub-divided into two general categories: legitimate marketers not following best practices and sending unsolicited messages, and the more devious malware attacks, in which malicious messages are sent through text or e-mail to attack a phone’s operating system.  Either way, this spam is annoying to consumers, and is giving legitimate rule-following mobile marketers a bad name.

The MMA and other mobile communities have been busy creating industry best practices, rules and regulations to help legitimate marketers stay a step ahead of spammers and to remain transparent in their efforts, but the entire landscape changes so quickly that staying ahead of the curve is getting increasingly difficult.

Contributing to the intolerance of SMS spam is the fact that consumers often will stop what they are doing to read a new mobile message, and will likely have to pay a fee for receiving it.  Getting more and more spam messages makes consumers that much more wary of opening any marketing-based SMS message, legitimate or not.

Israeli Telecom Sued For Storing SMS Message Content

We’ve heard a lot about security loopholes, malware and other problems related to SMS recently, but this one is truly scary.  An Israeli wireless carrier has been sued for allegedly wiretapping, in that it stores all SMS messages sent or received over its network.

The lawsuit emphasizes that Pelephone, the wireless carrier in question, not only stores “communications data”, such as when messages are sent, the phone numbers of the sender and recipient, and length of the SMS, but that the company also keeps the entire content of the messages.

Pelephone admits that they do in fact store SMS content in a “secured database” with limited access, and that they only store the content of any one message for no longer than one month.  The reason they do so is to “provide SMS services,” the company states.  The spokesman also admitted that the time the company holds the content of SMS messages varies slightly from system to system- meaning that it most likely keeps the content much longer than one month in most cases.

Upon signing up for service with Pelephone, users give “implied consent” to the saving of their SMS message content, the company claims, but those suing the company see it differently.  The claimants argue that Pelephone has no authorization to save SMS messages, and that it infringes on both the privacy of its subscribers and on the privacy of subscribers of other networks, by concealing the fact of the storage from them.

Not many details have been released regarding the outcome of this lawsuit, as it’s still being played out, but we’ll definitely be watching this one.  It just goes to show you that you should always read the fine print, even when signing up for wireless service.

SMS Flaws Identified That Affect All Major OS Platforms

At the Black Hat Security Conference that’s taking place today in Las Vegas, two security researchers are set to present on several SMS vulnerabilities that have been identified that could affect several major mobile operating systems- including Android, iPhone and Windows Mobile.

Using some sophisticated software and technical know-how, researchers are using what’s called the “Sulley Fuzzing Framework” to point out any and all potential flaws and security loopholes present in various scenarios.  “Fuzzing” is a form of automated software testing that involves entering random or unexpected data.  Crashes or unexpected behavior arising from such input can then be analyzed as a potential vulnerability.

More simply, the two researchers created a layer, called the “injector,” just above the bottom of the telephony stack that performs a “man-in-the-middle attack,” so to speak, by intercepting communication between a mobile device’s modem and multiplexer.  By doing so, the pair found several SMS flaws on both Android and iPhone platforms, with Windows Mobile still being analyzed.
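The fuzzing loop described above, as an added example that is not from the original post or the researchers' tooling: a small mutation fuzzer run against a bounds-checked parser for the SMS User Data Header, a length-prefixed field chosen here for illustration. The parser, the seed message and all function names are constructed for this example; a finding is any input that makes the parser fail with something other than its controlled `ValueError`.

```python
import random

def parse_udh(ud: bytes) -> dict:
    """Parse an SMS User Data Header: UDHL octet, then (IEI, IEDL, data) elements."""
    if not ud or ud[0] > len(ud) - 1:
        raise ValueError("UDHL exceeds user data")
    udhl = ud[0]
    header, pos, elements = ud[1:1 + udhl], 0, []
    while pos < len(header):
        if pos + 2 > len(header) or pos + 2 + header[pos + 1] > len(header):
            raise ValueError("information element overruns header")
        iei, iedl = header[pos], header[pos + 1]
        data = header[pos + 2:pos + 2 + iedl]
        # IEI 0x00 = concatenated message: reference, total parts, sequence.
        if iei == 0x00 and (iedl != 3 or data[1] == 0 or not 1 <= data[2] <= data[1]):
            raise ValueError("bad concatenation element")
        elements.append((iei, data))
        pos += 2 + iedl
    return {"elements": elements, "payload": ud[1 + udhl:]}

SEED = bytes.fromhex("0500032a0201") + b"hi"  # constructed: part 1 of 2, ref 0x2A

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-3 random edits: overwrite a byte, truncate, or append junk."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        choice = rng.randrange(3)
        if choice == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif choice == 1 and buf:
            del buf[rng.randrange(len(buf)):]
        else:
            buf += bytes(rng.randrange(256) for _ in range(rng.randint(1, 4)))
    return bytes(buf)

def fuzz(iterations: int = 5000, seed: int = 1) -> dict:
    """Run mutated inputs through the parser; anything but ValueError is a finding."""
    rng = random.Random(seed)
    stats = {"accepted": 0, "rejected": 0, "crashes": []}
    for _ in range(iterations):
        case = mutate(SEED, rng)
        try:
            parse_udh(case)
            stats["accepted"] += 1
        except ValueError:
            stats["rejected"] += 1
        except Exception as exc:  # uncontrolled failure: keep the input for triage
            stats["crashes"].append((case.hex(), repr(exc)))
    return stats
```

Removing either length check in `parse_udh` and rerunning `fuzz()` shows how quickly random mutation surfaces an unhandled `IndexError` in the `crashes` list.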

In iPhone OS 2.2 and 2.2.1, they were able to crash the iPhone’s SpringBoard window management application and the iPhone’s CommCenter, which manages iPhone connectivity- the heart of network connection for the iPhone, meaning vulnerabilities could be a serious problem.

This news comes on the heels of a report that Symbian-powered smartphones are likely to be infected with malware and spyware and doesn’t speak well of the security surrounding the devices that almost everyone in the world is carrying around with them at all times.  It shows that, just like with computers, we should never keep our guard down from attacks of all kinds.  Hopefully, patches and fixes can be introduced now that the vulnerabilities have been recognized, but that only means new loopholes and attacks will be along shortly.

1 In 63 Symbian-Powered Smartphones Have Malware

A new study sponsored by SMobile Systems, a provider of mobile security solutions, has found that Symbian-based smartphones have a high risk of being infected with spyware and malware. In fact, one out of every 63 smartphones is already infected.

The study of 1,958 smartphones revealed infections by spyware, viruses, worms and Trojans, as well as hundreds of unlicensed software programs installed on the handsets reviewed.  A comparison of these statistics to the worldwide smartphone population places the number of infected devices globally into the millions.  Because the vast majority of these infections are designed to be stealthy and few smartphones possess anti-malware applications, most infected users are completely unaware their devices have been compromised.

Similar to the problem computer users have faced for decades, mobile spyware and malware create an even bigger problem given the fact that mobile devices oftentimes carry much more sensitive and personal information than computers do.  In addition, the variety of ways mobile devices send and receive information leaves many doors wide open, so to speak, for hackers to spread their malware.  The attacks have taken the form of worms and Trojans that are transmitted via Bluetooth, SMS, MMS, or email, as well as spyware that is unwittingly downloaded from various online application and shareware websites.

This raises concerns for the mobile marketing community as it will make consumers much more wary about opening SMS messages, email, Bluetooth connections and other forms of communication from advertisers, even though most will be legitimate.  If the problem persists, and especially if other mobile operating systems are compromised, consumers will become very hesitant to interact with anyone other than people they know, making things even more difficult for brands and advertisers looking for personal and targeted ways to interact with consumers.