Security capabilities shouldn't need to be bolted onto the mobile operating system, but unfortunately we're headed down the same painful path with smartphones and tablets that we took with desktops and notebooks.
Researchers at North Carolina State University have developed software that aims to protect Android smartphone users' data from being stolen. My question: Is this really necessary?
The answer is probably "yes." But should it be?
Dr. Xuxian Jiang, an assistant professor of computer science at N.C. State and co-author of a paper describing the research, said in a statement, "There are a lot of concerns about potential leaks of personal information from smartphones."
And to help Android users regain some control over their information, the team developed software they say will give users flexible control over what personal information is made available to what applications. They've named the software, Taming Information-Stealing Smartphone Applications, or TISSA.
In their statement, the team said TISSA works by creating a privacy setting manager that enables users to customize the level of information each smartphone application can access. Those settings can be adjusted any time that the relevant applications are being run–instead of just at their installation.
TISSA, currently in prototype, includes four possible privacy settings for each application: Trusted, Anonymized, Bogus, and Empty, according to their statement. "If an application is listed as Trusted, TISSA does not impose additional information access restrictions. If the user selects Anonymized, TISSA provides the application with generalized information that allows the application to run, without providing access to detailed personal information. The Bogus setting provides an application with fake results when it requests personal information. The Empty setting responds to information requests by saying the relevant information does not exist or is unavailable," they said.
Now, why wouldn't this be a good idea? Why wouldn't people want a Personally Identifiable Information firewalled? They would. That's not the problem. The problem is that these sort of capabilities shouldn't have to be bolted onto the mobile operating system. They should be built into the feature set of the phone.
But it won't be that way. We have anti-virus for mobile, firewalls, and now this type of information protection. We are going down the same painful path with smartphones and tablets that we took with desktops and notebooks–and we haven't learned a thing.
The paper, "Taming Information-Stealing Smartphone Applications (on Android)," was co-authored by Jiang; Yajin Zhou, a Ph.D. student at NC State; Dr. Vincent Freeh, an associate professor of computer science at NC State; and Dr. Xinwen Zhang of Huawei America Research Center. The paper will be presented in June at the 4th International Conference on Trust and Trustworthy Computing, in Pittsburgh, Pa.
InformationWeek Elite 100Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.