Design Con 2015

Do smartphones really need antivirus software?

-July 05, 2012

Today smartphones are no longer used just as phones. They are highly sophisticated and complex devices with advanced capabilities like email, GPS navigation, Internet and many other applications like VPN to be able to connect to corporate firewalls.

It would be safe to assume that smartphones today include much more personal information - like contacts, call history, messages, and banking apps - that if compromised can cause more severe damage than what could have been the case with a traditional computer or PC. Some malware examples may include:

  • Tricking you into entering financial information such as account number, date of birth, etc., and sending it to bad guys using the data connection.
  • Sending a message to "premium service" SMS numbers that cost extra money.
  • Monitoring your phone calls and text messages.

This may not be much of an issue with iOS devices, as apps posted on the App Store are validated or signed by Apple before they get downloaded. One may often think antivirus software on mobile devices would be highly desirable to protect the phone from spyware and viruses, and to be able to scan any files downloaded from the Internet, which leads to the question: Do smartphones really need antivirus software?

Concept of "Sandboxing"
Before being able to answer this question, it's important to understand how modern smartphones work, and how the model is different from a typical computer. On a normal system, a program has the ability to access all system resources.

The entire unprotected RAM, hard drive content, and more can be read, unless it's specifically locked down. So if users download malicious software - either because they were tricked, or they went to a web page using a browser that wasn't fully patched yet - then that software can read keystrokes, scan the hard drive for useful file types, and then send that back through the network.

Modern iOS and Android-based smartphones have been designed with a different approach. Instead, each app is given its own work environment, and is unable to access other apps' data (see Figure). This is what is popularly known as "Sandboxing" - a security mechanism for separating running programs.

This image illustrates the concept of "sandboxing," where each app is given its own work environment, and is unable to access other apps' data.

The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. In this sense, sandboxes are a specific example of virtualization as if you are running every single application in its own virtual machine.

This means that no malicious software can do much harm by simply being installed. In the case of iOS devices, there's the additional benefit that any app must be downloaded from the App Store, and is vetted against potential problems. In the case of Android, Google introduced "Bouncer" to help scan all play store apps which can filter out most malware apps, but is certainly not foolproof.

This simply means that any antivirus software that one installs would not be able to scan other apps, or data used by other apps. The only way antivirus software could do anything meaningful would be on rooted or jailbroken devices. So, by design, smartphones are way more secure than a PC.

Power of "Kill Switch"
Apart from sandboxing, most modern smartphone operating systems includes a "kill switch" feature – a feature that can remotely delete software and edit code without the user's permission. So even if malicious software or an app manages to get installed, it can be remotely removed by the phone manufacturer.

Again, this is easier for Apple as they have control of the entire eco-system and can remotely remove the bogus app immediately. On Android one would have to rely on the carrier to provide updates, as Google does not directly distribute its own operating system updates and it may take several weeks before a fix is deployed.

There have been many instances where both Apple and Google have removed malware apps remotely without intimidating users.

Conclusion
Since the apps are sandboxed, antivirus software would not have the ability to scan other malware apps. And the fact that apps can be remotely removed by the vendor with a "kill switch" feature just makes antivirus on smartphones completely useless. I would like to still hear from others if they think otherwise?

Loading comments...

Write a Comment

To comment please Log In

FEATURED RESOURCES