BBC highlights smartphone security issues with app that steals data

The smartphones that have become so much a part of everyday life could be vulnerable to security breaches via malware apps, BBC News has said, after it created an app to do just that.
To prove it can be done, and to highlight concerns over smartphone security, the BBC partnered with Chris Wysopal, co-founder of security company Veracode, to create an application which appeared to be harmless but which, once installed, could access and steal information from the handset. In the space of a few weeks the team put together a fairly basic game, which contained 250 lines of code that also copied text messages, gathered contact information and logged the phone's location - sending the information to a specially set-up email address.
Of course the Beeb - being the responsible corporation it is - hasn't released the malicious app into the wild. Rather, it downloaded it onto one test handset to see what damage it could do. However, there have already been concerns about malicious applications in app stores, with both Google and Apple removing apps from their stores over security concerns.
Chris Wysopal, the BBC's partner in crime in creating the malicious app, warns that smartphones are now at the stage that PCs were at in 1999 - security concerns are just beginning to be a focus, and most malicious code is an irritation rather than an attempt to make serious money. However, just as we've seen with PCs, it doesn't take long for criminals to latch on to ways of stealing and using information to make money. He added that a smartphone could be a more attractive target to the thief than a computer, because it's such a personal device, while other security experts have warned that targeting smartphones could potentially be more lucrative than hitting computers.
App stores like Google's and Apple's are monitored and policed to try to avoid malicious applications being made available, but as application developers will tell you, it's extremely difficult to separate apps which legitimately access and use personal information from those which do so with malicious intent - especially when the malicious apps are often based on code written by legitimate developers.











