Unfortunately, in the case of mobile security, simple is better. It is the much more complex phones with their multi-feature operating systems that scare me. It is now possible to develop all kinds of interesting applications that could potentially sit and listen or present in another format. Clever developers can build applications living in these operating systems (Android, Apple, etc.) that could potentially steal sensitive financial information and send it off to another recipient. Michael argues that application developers and operating system producers should be the gatekeepers to the security of mobile phones. This is unfortunately a pipe dream. Somewhere one will find a rogue developer who will flex his/her skills to get (in)famous by stealing sensitive information.
I believe that the solution can be found through a combination of some of the following:
- Education to ensure that rogue applications do not get installed easily. Consumers must be taught that one should not install any old applications on a mobile phone.
- Building mobile banking applications with simple security designs that are easily understood. For instance, building security on simple PIN entry mechanisms that most people understand and can relate to.
- I believe that hardware and firmware manufacturers should become part of the solution. Security designs should ideally utilise primitives available in the phone or the SIM card, and this should be visible to the consumer.