Mobile phone security: What are the risks?
June 17, 2011 | By Amy Gahran
http://articles.cnn.com/2011-06-17/tech/mobile.security.gahran_1_android-app-android-phone-apple-s-app-store?_s=PM:TECH

This is an app contaminated with malicious code that makes your phone do things it shouldn't -- such as steal your personal data.

While no smartphone platform is immune from malware, so far Android apps appear to present the greatest malware risk. This is because of the openness of this platform and Google's Android market.

The best way to protect yourself against malware is to read the list of permissions that an Android app requests before you install it. Does that list make sense? For instance, does a game really need to be able to send premium text messages or access your contact list?

Mobile security tools such as Lookout or Norton Mobile Security (in beta) can help guard against Android malware by scanning apps and other programs and data on your phone.

------------------------------------------------------------------------------

Use Permissions to Secure Your Private Data from Android Apps
Technically Personal
http://techpp.com/2010/07/30/android-apps-permissions-secure-private-data/

Permissions:
- make phone calls (legit use: Google Voice)
- send SMS or MMS
- modify/delete SD card contents (critical permission) (legit use: note taking apps, camera apps)
- read contact data (critical permission) (legit use: social networking apps)
- GPS location (legit use: restaurant suggestion apps)
- full internet access: For any malware to truly be effective it needs a means by which to transfer data off of your phone, this is one of the settings it would definitely have to ask for. However, in this day and age of cloud computing and always-on internet connectivity, many, many legitimate applications also request this.
- retrieve running applications: It will allow an application to find out what other applications are running on your phone.
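
The permission review described above can be scripted. The following is an added example, not taken from either article: it reads the `uses-permission` entries of a manifest that has already been decoded to text XML and reports the listed permissions that the app's category does not explain. The category labels, the mapping table and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
INTERNET = P + "INTERNET"

# Permissions from the list above -> app categories the notes give as a
# legitimate use. Category labels are assumptions made for this example.
LEGIT_USE = {
    P + "CALL_PHONE": {"voip"},
    P + "SEND_SMS": set(),  # no legitimate use is listed in the notes
    P + "WRITE_EXTERNAL_STORAGE": {"notes", "camera"},
    P + "READ_CONTACTS": {"social"},
    P + "ACCESS_FINE_LOCATION": {"restaurants"},
    P + "GET_TASKS": set(),  # "retrieve running applications"
}
# Marked "critical permission" in the notes.
CRITICAL = {P + "WRITE_EXTERNAL_STORAGE", P + "READ_CONTACTS"}

# Constructed sample: a game asking for SMS and contacts access.
SAMPLE_GAME_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a text manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def audit(manifest_xml, category):
    """Flag listed permissions that the app's category does not explain."""
    perms = requested_permissions(manifest_xml)
    unexpected = sorted(p for p in perms
                        if p in LEGIT_USE and category not in LEGIT_USE[p])
    return {
        "unexpected": unexpected,
        "critical": sorted(set(unexpected) & CRITICAL),
        # Full internet access is what lets collected data leave the phone.
        "network_path": bool(unexpected) and INTERNET in perms,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_GAME_MANIFEST, "game"))
```

A flagged permission is a prompt for the "does that list make sense?" question, not proof of malware; many legitimate apps request internet access alongside other permissions.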
---
Permissions on Android vs iPhone

On the Linux-based Android platform, each application runs in a separate "silo," unable by default to read or write data or code to other applications. Associated with each isolated application is a unique identifier and a corresponding set of permissions explicitly governing what that particular application is allowed to access and to do.

In iOS you declare your application requirements in its manifest-like Info.plist. But this information is not used to ask user permission, only for ensuring device compatibility. Only Notifications and Location Services require user permission, which is automatically asked of the user the very first time your application attempts to use the corresponding API.

My guess is that many other permissions are already granted via the Apple Store license agreement