For technology companies, success comes with its own paradoxical set of problems. Consumers who may have never had an issue downloading an app from Apple or Google’s app stores may find that some apps can be malicious programs in disguise.
“When you get bigger, that’s what happens,” said Hemanshu Nigam, the founder of the security firm SSP Blue. “Look at it from the real-world perspective, when a store or town or city becomes really big, it becomes a target for crime.”
The same is true of Apple, he said. “Apple has become such a giant in the Internet world that, from a bad person perspective, it’s a great target.”
The company and its app store are growing so quickly — the store recently celebrated its 25 billionth download — and Nigam said he believes its security infrastructure hasn’t caught up yet.
But, he said, Apple has “had the chance to be the savior” and should take the opportunity to put stronger security policies into place.
From a security perspective, one problem with app stores, Nigam said, is that usernames and passwords can be used on any device, so once a hacker has that information, he or she can access accounts on any device.
Nigam recommended that Apple and other app stores send notes to consumers when they find that someone has used a username or password from a different phone, tablet or computer.
“Maybe there’s a note that goes to their iPhone,” he said. “Roadblocks like that have an impact on somebody’s ability to charge an account in the App Store, and I think that Apple can step back and take a holistic look at this. And I absolutely believe that Apple’s capable of doing it; I’m sure they’re starting to work on it already.”
Nigam said that a grander approach to security will help Apple, Android and other platforms set consistent expectations for any customers who download apps from their stores.
“At the end of the day, that says to the bad guy that all the lights are on in the house,” he said.
And what can smart consumers do to avoid downloading shady apps?
“Consumers can also pay attention to the apps they are downloading,” Nigam said. “Don’t download an app simply because it’s popular; that doesn’t mean that it’s safe.”
I also suggest reading the reviews and ratings. If an app has no reviews or really glowing reviews that all sound the same, you should hear some faint alarm bells.
Users should also be wary of downloading apps from independent app stores. While you can find some great apps in these stores, malware apps are also more prevalent on the unofficial stores. Also, be sure that you’re checking the app permissions for anything you download. Even if an app isn’t malware, you may find that you’re granting someone access to information you don’t want it to have.