Application controls needed to block mobile malware

A loss of confidence in mobile security could be catastrophic for the industry

Panelists at the MobileBeat 2009 conference agreed today that controls have to be placed on application development for handsets to avoid the security problems currently plaguing PCs.

Carriers and developers seemed willing to accept that some level of application control and certification was inevitable if the mobile platform is to remain largely free of malware. There was less agreement, however, as to who should wield the control.

"If you are totally open we'll have the same problems for mobile phones as we have for the PC," said Lee Williams, executive director of Symbian.

"You'll have to run anti-virus and security software and your data will be at risk. When you think about it, a mobile phone probably has more personal information on it than a computer."

Williams explained that, if malware did take firm hold in the mobile market, the results could be disastrous. If people do not trust their mobiles consumer confidence would collapse, particularly in lucrative data services.

"The other aspect is regulatory requirements," said Russ McGuire, vice president of strategy for Sprint. "There are things we are forced to protect by government regulations. There are constraints as to how we as an industry open that up."

McGuire added that carriers had to work with developers to make applications safer, pointing out that Sprint would shortly be holding its ninth annual developer conference when some carriers had yet to hold their first.

Tom Conrad, chief technical officer at Pandora, said that, from an application developer standpoint, developers had shown that they were happy to cede a level of control.

"Some developers would have said that Apple's App Store was doomed to failure because of certification processes," he said. "What we've seen is that developers are happy to trade control for access to a very, very large market. Control points aren't all bad."