“We aim to please, Miss Steele”
-E.L James in Fifty Shades of Grey
“Good, Bad. I’m the guy with the gun”
-Ash in Army of Darkness
As with the advent of Spyware and Adware, the world of Malware has grown in new directions. While viruses and worms abound and are becoming increasingly (even exponentially) more common, we are still dealing with the personal, social and corporate implications of “Greyware“…and it’s exploding in an entirely new area around the exciting and largely wide-open world of mobile devices and services.
From the virus paradigm of the late 90s, software is good or bad: it performs a valuable function or it wreaks havoc like marauding barbarians on a tear through Rome. Greyware is different: it doesn’t destroy, but it abuses. It hides behind thick EULA’s, obtuse language, partially beneficial behavior, misused trademarks or insufficiently protected corporate brands and logos, ready to pounce on the unsuspecting end user.
The explosion of utility and creativity and diversity in computing is nowhere more evident than on the mobile platform and in mobile networks. “There’s an app for that” has become a common phrase recognized by all. The time it takes to go from saying “should we be able to do X” to actually downloading and using an app is incredibly short. If you want to play Angry Birds, download an app to count beats for songs the DJ is playing at a wedding, find a flashlight or even do banking, your ‘Droid or iPhone or BlackBerry or fill-in-the-blank mobile device can deliver it to you in seconds.
And we trust our application marketplaces. From Google Play to iTunes, we find, we click, we install and we use in moments — often feeding credentials and PII immediately into the app. This is trust, and where there is trust and where there are numbers and where there is value to us, there is value to bad guys to defeat the application screening and security and privacy services.
Some of the apps making their way out there are “darker” that Greywear, verging on clearly “bad” and some are lighter, begging the question of “what’s so bad about that?” Either way, it’s time for more testing, standards and services to make it that much harder to subvert and to abuse. It’s time to bring more trust to these environments than any one screening and testing service can bring.
That’s where the RSA FraudAction-based Anti-Rogue App service comes in. As with the FraudAction RSA Anti-Trojan Service, RSA will explore the darker side behind Greyware. We will investigate the darker corners, looking for those apps that exploit a company’s brands to tempt users into less wise choices in their apps…and then will shut them down.
We will offer the shutdown services that we have made so effective around Phishing infrastructures and Trojan infrastructures, and we will bring the same rigor and quality to reigning in the explosion of “rogue” mobile apps.
Malware on a mobile device…yeah, there are apps for that.
Things that can stop malware on a mobile device from being effective…yeah, there’s RSA Anti-Rogue App service for that!