Smartphone Security

Market analysts predict that smartphones will outnumber PCs by 2013, and that they will be the most common device for accessing the internet. In 2010 we published a report about smartphone security. The report gives an overview of the top risks and opportunities for smartphone users, and we made recommendations for end-users, and IT officers to address these risks. For an overview of the risks see our smartphone risks top ten.

We are following up on this work with the following activities:

• Secure app development: We have drafted, together with OWASP, security guidelines for app developers. 
• App store security: App stores are a new model for 3rd party software distribution, that is  not only used for smartphones (Android's marketplace, Apple's Appstore, for example) but also for social media (Facebook apps for example), cloud services (Google apps, for example), and web browsers (Mozilla’s addons, for example). We published a paper about malware threats to app stores and how to defend against them.
• Web login on smartphones: (ongoing) Highlighting an important information security opportunity of smartphones: The fact that online authentication can be implemented more securely by using smartphones.
• Risks and opportunities of IT consumerization: (starting up) Issuing guidelines for IT officers to deal with emerging information security risks from smartphones (iPhones, iPads, etc) entering the workplace.