Application stores are set to become the dominant model for software distribution. After only four years, they are incredibly successful. In 2012, Apple’s App Store and Google’s Play Store each topped 25 billion app downloads. App stores not only offer apps and media content, they also have near total control on phones and tablets that connect to them. Hundreds of millions of people place their trust in app store and device security every day. Unfortunately, this trust is sometimes misplaced and is starting to be eroded.
Also in 2012, mobile malware took off: tens of thousands of rogue apps have been found `in the wild’, including premium-rate SMS-sending apps, mobile botnets that are orchestrated to attack others, Trojans that steal passwords, and spyware that monitors users’ activities. Legitimate apps and mobile operating systems have also had flaws leading to exploits and information leaks. And as the Wired reporter Mat Honan discovered painfully this summer, the convenience of cloud backed-up synchronized devices means that a single break-in can destroy your data everywhere, in one fell swoop.
App stores of the future, and the devices they control, must be better defended and resilient under attack. Users and data owners need justifiable confidence that apps will behave well and will not cause damage, whether by accident through bugs, or by intention through malicious design. Security should be ever present but unobtrusive, not impacting performance or causing crashes, not forever downloading patches, not demanding complex decisions, and not in the hands of just one party.
Our research will examine a number of improvements to app stores and mobile device operating systems which will take us closer to future generation, secure app stores.
For example, we will design algorithms that will automatically analyse apps to ensure they are safe. At the moment, this has to be done manually by malware analysts in expensive, time-consuming and sometimes unreliable ways. Another improvement is to add “digital evidence” to apps. Digital evidence can guarantee that an app is safe and it can be checked automatically, even on a phone. Evidence establishes that the code is safe, whereas the current state-of-the-art in industry is code signing, which at best only says where the code has come from. Finally, we want to find natural, user-friendly security policies: rather than the user examining a long list of complicated permissions as currently happens in Android, we want to have a set of sensible policies for different types of app. Under the bonnet the controls will actually be more precise than at present: with our solution, a game, for example, would not be allowed to access anywhere on the Internet, just the few places that it really needs to go; a text-messaging app might only be allowed to send messages to contacts from a users address book, not unknown numbers that might be premium-rate.