One of the best things about owning a tablet is the huge number of cool apps you can download to it. There are a lot of broad use apps for the daily tasks we all must accomplish, and even better are the focused apps that help us do little things in our life that we like to do. It might be an app for HVAC technicians, or a way to sort the key news feeds that a financial services professional needs to review on a daily basis.
However, not all of those apps are what they seem to be. Some of the apps are actually malware and create far more problems than they purport to solve. The reality is that the Android market has a substantial problem according to InfoSecurity magazine and other sources. To make this more frustrating, a number of the purported anti-malware tools are actually malware! And while there is less malware in the iOS app market, there are still instances of malware there also. Now the issue isn’t the amount of malware, the issue for tablets in the enterprise is that there is malware. This means steps must be taken to deal with it.
To understand the response needed to threats from the app stores, it’s essential to look at the problem as it exists in the three major tablet environments, iOS, Android, and Windows.
Starting with iOS, the technical reality is that Apple makes it hard to infect an iPad with traditional “virus” type malware, and to date, exploits have been few. But, that doesn’t mean we can turn a blind eye to the problem. With tens of millions of devices in use, and known malware creators working feverishly to develop new malware structures that can exploit an iPad, it’s not if, but when malware hits. And of course there is fakeware like the Russian app Find and Call that looked like a contact manager but spammed the address book among other exploits. This fakeware may become the biggest short term problem. In my opinion, going “bareback” and integrating iPads without security is opening a vulnerability to your organization that, at a future date, may bite you back, very strongly.
In the Android market, the malware beast has not only raised it’s ugly head, but grown and prospered. This isn’t a reason to run away from Android, but rather, if you are using Android tablets in your organization, you need to implement the same kind of security protection that you would for a PC. There are excellent anti-malware solutions out there from McAfee and others. In some ways, I’m more comfortable with the security of an Android tablet with the right antimalware tools than an iPad with none. We know what Android threats look like and can defeat them. With the iPad, when attacks hit, we’ll be dealing with an unknown. Also, I like security tools from known vendors I trust, not some 2 man company I never heard of, as can be the case with the iPad.
And then there’s Windows 8. Although the Windows 8 app store is smaller, that doesn’t eliminate the threat. And Windows 8 security tools are well known and available from very reputable suppliers. In addition, Microsoft is taking a very diligent approach to their app store with more oversight. I’m certain we’ll see malware attempts on tablets in the near future. Yet, Windows is an environment we know how to secure, has mature tools, and the threat vectors are clear. This gives me confidence.
App stores make lots of sense and can provide some cool tools. However, the reality is for all of the platforms, if you plan on using these tablets in a commercial setting, some level of security against existing or coming rogue apps that contain malware is essential.