The East African : Nov 21st 2015
The EastAfrican 32 OUTLOOK NOVEMBER 21-27, 2015

Google, Apple struggle to keep malware out

Mobile malware often originates from third-party app stores or direct downloads

By ANDREA PETERSON
The Washington Post

Google and Apple just removed a popular third-party Instagram app from their online stores after reports surfaced that the app was stealing usernames and passwords and then using the ill-gotten credentials to post spam to Instagram accounts without permission.

The malicious nature of the app, marketed as “Who Viewed Your Profile - InstaAgent” on iOS and “Who View Me - InstaAgent” on Android, was first pointed out this week on Twitter by a developer named David Layer-Reiss. An e-mailed inquiry by The Post to the contact listed for the Android app bounced back as undeliverable.

The app was removed from both companies’ marketplaces by Wednesday morning. But by the time they were taken down, the Android version had received between 100,000 and 500,000 downloads, and the iOS version was reported to have made the top download charts in several countries.

But how did it get into those marketplaces in the first place? Neither Google nor Apple would comment directly on the app. But it’s worth using this incident as a teachable moment about the security of mobile apps generally.

When mobile malware shows up, it often originates from third-party app stores or direct downloads. That’s because Apple and Google both have systems in place to review apps before they make it into their marketplaces.

Apple has long reviewed all programmes submitted to the App Store — sometimes to the chagrin of developers, who complain about lengthy wait times before approval.
The company is pretty quiet about what the actual review process entails, but it is thought to contain both manual and automated elements and is focused on making sure that apps “operate as described and don’t contain obvious bugs or other problems.”

And so far, its approach seems fairly effective — despite occasional proof-of-concept malware slipping through over the years, and an incident in September when malicious apps made with counterfeit copies of Apple’s development software were removed.

While iOS is clearly not immune to problems, Apple’s tight control over the App Store coupled with Android’s larger market share has made the latter a more juicy target for hackers. According to cybersecurity firm Pulse Secure’s 2015 Mobile Threat Report, Apple’s mobile operating system is “almost completely out of the equation for mobile malware development” due to those factors.

THREAT REPORT FINDINGS

Pulse Secure’s 2015 Mobile Threat Report was based on data on more than 2.5 million mobile applications gathered by the Pulse Secure Mobile Threat Centre research facility.

There continues to be an increase in Android developed malware in an attempt to turn a profit. In 2014, nearly one million (931,620) unique malicious applications were produced — a 391 per cent increase from 2013 alone.

The Mobile Threat Centre determined a significant growth in Android malware, which currently consists of 97 per cent of all mobile malware developed. In 2014 alone, there were 1,268 known families of Android malware, an increase of 464 from 2013 and 1,030 from 2012.

The overwhelming majority of Android malware is being developed and distributed in unregulated third party app stores in the Middle East and Asia.

There were four iOS targeted attacks in 2014; most targeted jailbroken devices.

Pulse Secure Mobile Threat Report

In comparison, Google’s approach to reviewing apps for security has historically been more hands-off. The company unveiled a service, dubbed “Bouncer,” that automatically scanned the marketplace for malicious software back in 2012. But it wasn’t until March of this year that the company announced that all apps were being reviewed before they were published in Google Play, its app marketplace.

“This new process involves a team of experts who are responsible for identifying violations of our developer policies earlier in the app lifecycle,” Eunice Kim, product manager for Google Play, wrote in a blog post about the change, which was quietly rolled out several months before it was made public.

The process also includes automated elements. “Google’s systems use machine learning to see patterns and make connections that humans would not,” the company’s latest annual report on Android security explains. Google said it analyses “millions of data points, asset nodes, and relationship graphs to build a high-precision security-detection system.”

At the time the report was published, the company said over 25,000 apps were updated to remove potential security issues due to warnings its automated systems delivered to developers.

And, as noted earlier, Android seems to attract more malware. Android apps have garnered 97 per cent of mobile malware development to date and it continues “to offer the lowest barrier to entry among all mobile device platforms currently available,” according to the Pulse Secure report.

Google’s efforts to clean up its app market have relegated almost all of that bad software to third-party app stores, the report said. However, malicious apps still seem to show up within Google Play fairly often. And some experts warn there’s likely to be more malware lurking in Apple and Google’s official app stores than we think.
“This is just one of probably thousands of examples of malware that aren’t caught,” said Tyler Shields, a principal mobile security analyst at Forrester Research.

Mr Shields also worries that Apple and Google’s review processes are too opaque, so it’s hard to evaluate how effective they are; he also believes that the business model that underlies app stores doesn’t lend itself to the most stringent security practices.

“At the end of the day, Google and Apple will only be incentivised to improve security to a certain point,” he said. “They make money by having more apps in the app stores, and having apps that contain in-app purchases.”

If something is obviously malware, they’ll reject it, but an app that may be borderline or has hidden its malicious intent well will be more likely to make the cut, he said.

Mr Shields recommends that consumers be careful about which apps they install on their phones and look closely at who developed them. He also suggests using a mobile anti-virus product from a well-known cybersecurity vendor.

“While it’s not going to be foolproof, it’ll help,” Mr Shields said.

Microsoft now adds Designer, Morph to streamline PowerPoint

By HAYLEY TSUKAYAMA
The Washington Post

Microsoft has made a pledge to move faster these days, and on Friday announced that it’s adding two new features to PowerPoint — and creating a way to let Microsoft fans get early access to even more new features down the line.

The two new features are called Morph and Designer, and both are aimed at making PowerPoint presentations less ugly and less boring.

Designer will automatically look at any photo you upload into PowerPoint for a background and suggest several snazzy layout options, based on the template you’ve selected and the photo itself. Microsoft came up with those suggestions by consulting actual designers, who created the library of 12,000 layout suggestions.
Designer also uses machine-learning to analyse the photo you’ve selected to pick the right suggested layouts. So, for example, if you’re using a graph, the programme will recognise that and try not to offer layouts that obscure key parts of that image.

Designer doesn’t add much in the way of new functionality for the programme but rather makes some of the more advanced PowerPoint functions more accessible to the average user.

During a Skype demo of the features conducted for The Washington Post, Microsoft employee Chris Maloney — who spearheaded the Designer feature — said that the goal was to “save clicks” for PowerPoint users.

“That’s about 150 clicks’ worth of work you don’t have to do now,” he said, alluding to all the clicking, dragging, resizing and other tasks that used to be required to get these kinds of designs. “And you get to see new design ideas you probably never thought to do yourself.”

The other feature is Morph — a streamlined way to drop animations into PowerPoint presentations. Mr Maloney said that many PowerPoint users, particularly teachers, often want to put animations into their projects to keep their audience’s attention, but they are intimidated by the way it’s currently done in the programme.

With Morph, users can simply adjust the shape or layout of their image on a new slide, and PowerPoint will automatically link those slides together to create the animation.

“At the end of the day, these are individual slides. You’re just moving the shapes around,” he said. “As long as you know how to use shapes, you’ll be able to make these and tell stories.”

Making the animation process easier has been one of PowerPoint’s most-requested features, said Shawn Villaron, the head of PowerPoint at Microsoft. It had been under discussion for years but hadn’t moved beyond talking about how to streamline the process.
But a recent hackathon, in which engineers were encouraged to quickly prototype a product, ended up putting out a project that set the groundwork for Morph.

Villaron credits a new company-wide emphasis on fast updates and growth for finally getting this idea into the programme. The pace change is supposed to reflect the priorities of chief executive Satya Nadella, who’s aiming to modernise Microsoft and pull it into a mindset that reflects the fast-moving nature of a mobile- and cloud-based world.

“This is indicative of the new Microsoft” and Nadella’s leadership, Villaron said. The PowerPoint updates are the first of many small updates, he added.

Microsoft first released its 2016 update for the Windows version of Office in September, with key revamps to Word, Excel and Outlook. But that release also kicked off a new development cycle for Microsoft. At the time, the company promised that it would provide more frequent updates to its programmes, rather than saving all its changes for big but infrequent releases.