Interesting article at New Scientist detailing how security researchers crafted an app called WeatherFist and loaded it onto various mobile phone app marketplaces.
The software was actually malware and “surreptitiously relayed data about the users’ locations and phone numbers to a server controlled by Brown and Tijerina [the researchers]”
The article claims that Android users are more vulnerable to this because unlike Apple, Google doesn’t scrutinise apps as closely. 90% of the 7,800 downloads came from Android users. Maybe they are just more into downloading weather apps?
It’s a good point and a reminder though that with systems that are less controlled and more open there can be high risks associated with security. And as Google pointed out in response to the research, the user is warned what features the app wants access to on your phone – still, you have no idea exactly what data is being transmitted so it is pretty hard for any user to know exactly what an app is doing.
So how long till we see the first botnet of smart phones?