Just as mobile customers’ expectations vary widely about privacy and security, so do the approaches that mobile vendors take in safeguarding customers’ security and privacy. Today, mobile devices have similar capabilities and characteristics of modern desktop computers, with one exception—the amount of personal data on the device. Unlike computers, applications downloaded on mobile phones and tablets have the ability to broadcast your location, private conversations, pictures, banking information and other sensitive data, even when these mobile devices are not in use.
With the increased prevalence of smartphones and tablets becoming a common part of how we share information with our family, friends and co-workers, there is a growing potential for increased risks related to data security and privacy. This isn’t the first time we’ve watched the computing threat landscape evolve. Over the last decade, as more users leveraged the power of personal computers, attackers began focusing on ways to steal users’ data and take control of their computers. Their methods included using vulnerabilities in the software and creating malicious software, known as malware, which is designed to trick a user into installing these programs in order for the attacker to gain control of a user’s system. Now, as we move toward a mobile computing society, we’re seeing that same trend happening across the mobile industry.
One of the significant security concerns facing the mobile industry is how to address the skyrocketing amount of malware on mobile devices. This concern is especially challenging because instead of attackers trying to trick computer users to install malware, attackers have shifted their focus and tactics by offering what appear to be safe apps. They are placing their malicious apps within smartphone app stores and bypassing protections that these app store vendors may have in place to help prevent malware. While most smartphone users have heard of malware, and know about its potential to harm their devices, they don’t expect that any app downloaded from their smartphone’s app store is malicious. As a result, smartphone users may not be as careful or discerning when deciding which third-party apps to download, and these choices can lead to users being vulnerable to potential security and privacy implications associated with these apps.
Every smartphone and tablet vendor uses a different strategy for protecting customers from both malware and privacy concerns, and customers do not typically have insight into how they may or may not be protected from these issues. At BlackBerry, we’re committed to protecting customers and their data, and also to providing greater transparency into the unique level of protection we offer customers.
We recognize that customers want and need access to apps that do not infringe on their privacy or impact their security. With such a significant challenge facing the mobile industry, we determined adding additional layers of protection are crucial to helping protect BlackBerry customers. As part of our comprehensive approach, we are incorporating Trend Micro’s industry-leading anti-malware technology with our current internal, proprietary system for analyzing apps. Through this collaboration, we will use Trend Micro’s suite of app scanning technology to help enhance BlackBerry’s anti-malware capabilities, including industry-leading app analyzing techniques and built-in permission settings on BlackBerry devices. By vetting apps against Trend Micro’s extensive library of known malicious software, we will help ensure both current and new apps submitted to the BlackBerry World storefront are scanned for potential malicious behavior.
When an app is flagged as suspicious during our continuous vetting process, BlackBerry investigates it thoroughly to determine if the app is malicious. If it is not malicious, we examine it for privacy implications by determining if it clearly and adequately informs customers about its behaviors. If and when an application is found that either contains malicious code or may infringe on customers’ privacy, we inform the developer about the issue, remove the app from BlackBerry World and release a corresponding malware or privacy notice to customers. These notices help provide greater transparency to our customers about what actions we are taking to help safeguard their privacy and protect their data as well as offer guidance to customers on what actions they should consider regarding those specific apps.
While there are several approaches to protecting mobile customers from emerging security and privacy concerns, as an industry overall, we need to do a better job of ensuring that customers have the opportunity to make informed decisions about exactly what they are downloading and purchasing on their mobile devices. It is important to remember that attackers are not just focusing on one type of smartphone, and they are continuously refining their methods and abilities with each attempt as well as sharing techniques.
Given that both malware and privacy concerns span across the breadth of the mobile industry, it’s not practical to believe that any one company can thoroughly address these issues on their own. By working with an industry leader, such as Trend Micro, we’re establishing a unique level of protection for BlackBerry customers, and we believe the rest of the industry should also consider working collaboratively in order to address the significant increase in mobile malware and privacy implications associated with third-party apps.