This literature review was carried out by:

This report investigates issues of cyber security and privacy in relation to apps and app stores. The objective of the review is to provide recommendations for improving the security of applications (apps) delivered via app stores, and to identify issues that may be of relevance to DCMS’s future work on cyber security in these contexts. Specific attention was given towards app stores and apps intended for mobile devices such as smartphones and tablets. The current mobile app marketplace is focused around two main app ecosystems – Android and iOS – and there are a range of app store sources from which users can install apps. These include official app stores from the platform providers, as well as a range of further stores offered by device manufacturers and other third parties. While the underlying objective of all stores is the same, in terms of offering the distribution channel for the hosted apps, they can vary considerably in terms of their associated security and privacy provisions. This includes both the guidance and controls provided to safeguard app users, as well as the policies and procedures in place to guide and review developer activities. Evidence suggests that many users have concerns regarding the ability to trust apps and their associated use of data. As such, they find themselves very much reliant upon the processes put in place by app stores to check the credibility of the apps they host.

In reality, however, practices vary significantly across providers – ranging from stores having clear review processes and attempting to ensure that developers communicate the ways in which their apps collect and use user data, through to situations in which apps are made available in spite of having known characteristics that could put users’ devices and data at risk. When it comes to supporting users, this review reveals that the app stores have varying approaches with correspondingly variable levels of information and clarity. This is observed in terms of both the presence and content of related policies, as well as in relation to supporting users’ understanding when downloading specific apps. The latter is particularly notable in terms of the presence and clarity of messaging about app permissions and handling of personal data, with some stores providing fairly extensive details and others providing nothing that most users would find meaningful. There are also notable variations in how different app stores guide and support app developers, including the level of expectation that appears to be placed upon providing safe and reliable apps that incorporate appropriate protections and behaviours in relation to users’ personal data. While some stores include formal review and screening processes, and scan apps to prevent malware, others offer a more permissive environment that enables threats and risky app behaviours to pass through without identification. Linked to their stance on maintaining security and resolving issues, the larger providers support vulnerability reporting and offer bug bounty schemes. The latter incentivise the responsible disclosure of vulnerabilities rather than allowing them to persist and risking their exploitation in malicious activities. The large rewards available through these schemes are in notable contrast with other app store environments, where such provisions are not offered.