The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, published a new report this week that focuses on app-store security. The report, “Appstore security: 5 lines of defence against malware,” was published in response to the increasing number of attacks targeting mobile devices via app-stores. Over the course of 2011, numerous malicious apps were found targeting a variety of smartphone platforms, including Android and Apple’s iOS.
Starting from a threat model for app-stores, the paper identifies what it calls “the five lines of defence” that must be in place to secure app stores from malware: app review, reputation, kill-switches, device security and jails.
“This report provides a very practical and technical analysis of malware threats for app-stores in under 20 pages. The Agency has made an excellent choice of security techniques, and the recommendations are ready-to-use,” says Raoul Chiesa, an Italian ethical hacker.
Without overlooking the differences between the various smartphone models and app-stores, ENISA recommends an industry-wide approach to addressing insecure and malicious apps. “The number of malware attacks directed at smartphones still pales in comparison to PCs. This paper is a blueprint for how to maintain this head-start and address security across app-stores,” says Professor Udo Helmbrecht, Executive Director of ENISA.
The full report is available here.
ENISA also recently published a full overview of smartphone risks which can be found here.