Application controls needed to block mobile malware

Panelists a the MobileBeat 2009 conference agreed today that controls have to be placed on application development for mobile handsets to avoid the security problems currently plaguing PCs.

Both carriers and developers seemed willing to accept that some level of application control and certification was inevitable if the mobile platform is to remain more free of malware than PCs. There was less agreement, however, as to who should wield such control.

“If you are totally open we'll have the same problems for mobile phones as we have for the PC,” said Lee Williams, executive director of Symbian.

“You'll have to run antivirus and security software and your data will be at risk. When you think about it a mobile phone probably has more personal information on it than a computer.”

He said that if malware did take firm hold in the mobile market the results could be disastrous. If people didn't trust their mobiles then consumer confidence would collapse, particularly in lucrative data services.

“The other aspect is regulatory requirements,” said Russ McGuire, vice president of strategy for Sprint.

“There are things we are forced to protect by government regulations. There are constraints as to how we as an industry open that up.”

He added that carriers have to work with developers for safety in applications, pointing out that Sprint would shortly be holding their ninth annual developer conference when some carriers had yet to hold their first.

From an application developer standpoint, Tom Conrad, chief technical officer for Pandora, said that developers had shown that they were happy to cede some level of control.

“Some developers would have said Apple's App store was doomed to failure because of certification process,” he said.

“What we've seen is developers are happy to trade control for access to a very, very large market. Controls points aren't all bad.”