The smartphone app is a phenomenal success with a total download figure that is fast approaching 50 billion according to Getjar. There is however a potential downside as apps, particularly free applications and games, can collect and transmit personal information without people’s knowledge, violating their privacy, or be used to defraud the subscriber through premium SMS messages, auto-subscribe, international calls and even operator or on-board payment transfer mechanisms.
This leaves carriers caught between wanting to promote apps to drive stickiness and data usage, but at risk of having their subscribers become compromised, and having to handle increased customer care complaints.
Rogue apps are capable of collecting information that can include Facebook ID, email address phone number, handset, country, city and GPS co-ordinates. The information may be transmitted over the internet to a range of advertising brokers and analytics firms - relatively innocuous recipients, but rarely, if ever, named explicitly within application terms and conditions. Some of the apps may be sending city or coordinate data for legitimate reasons but users are unlikely to be fully aware of the specific terms and conditions attached to its use. Having application vendors provide users with 27-page of terms and conditions documents is not the solution.
By implementing a level of network security that leaves their customers free to enjoy their smartphone experience unhindered, operators can step into the growing gap between users and their devices and provide a seamless, secure experience.
Rogue App Remediation
The Network Plus Protection Platform (NPP+) provides carriers with the tools to protect subscribers from exploitation by rogue apps. The NPP+ offers three levels of protection:
- Identification of devices that are compromised, by the footprint of data and SMS requests known malware makes on the network;
- Identification of new threats, through advanced behavioural algorithms monitoring the traffic within a carrier’s environment;
- Remediation of the device, using either the MalwareDetect+ app to alert the user to a hostile application, interrupt redirection, or using an operator’s own MDM capability to remove the application.
By informing users when they are compromised, while simultaneously blocking the effects of the infection so the subscriber is protected from loss; an operator is able to reinforce the trust that subscriber has in the network.GSIM 3 – Rogue Application research