GCN LAB IMPRESSIONS
Mobilescope warns you when apps are leaking data
- By John Breeden II
- Aug 14, 2012
It seems every federal agency is trying to get its employees to go mobile in some form or another. Some agencies are in the process of changing from one major mobile platform to another, and a few are considering integrating users’ personal smart phones into work networks.
Any of those plans can be dangerous, especially if you don’t have all the information.
I’m reminded of G.I. Joe, who used to say that knowing was half the battle. But in the mobile world, programs are mostly delivered as applications, or apps for short, and who really knows what those little things do once they are on a phone? Given that a phone is a communication device itself, it makes sense to wonder if an app is sending out more than it should without a user’s knowledge.
The Mobilescope service can help. It keeps track of all your apps and what they do when you’re not looking, or what they hide from your view. I was able to test out the service, which is still in beta, over the past weekend. It reminded me of an extrusion prevention program on a desktop, one of many the lab has reviewed in the past, such as Identity Finder.
However, Mobilescope is a little bit different, and not only because it’s designed for the mobile platform. Mobilescope doesn’t actually prevent data from leaving your phone, but it can tell you what types of data have left, and which apps are responsible for the traffic.
Once you register with the Mobilescope site, you will get a configuration file that will direct your phone to route all its traffic through Mobilescope’s servers before moving on to a final destination. This adds a few seconds to the transit time, but you probably won’t notice.
That data is then analyzed and you can see what each app on your phone collected over time. Alerts can be set up so that if Mobilescope detects data you deem personal or classified being sent, it will warn you. This won’t protect that data, but will let you know that an app is collecting and sending out information you don’t want to move.
You can then choose to uninstall the offending app to prevent future security breakdowns. Mobilescope can’t decrypt packages, of course, but will let you know if an app is sending out encrypted data.
I think that the biggest problem feds will have with Mobilescope is that to use it, they have to direct all their traffic through an outside server. I’m sure the Mobilescope folks are good people, but giving them that kind of power over federal data probably isn’t going to happen.
However, I could see the Mobilescope technology being used by federal IT people, who could use it with test phones to see if an app is safe for deployment to the overall user base. Mobile phone operating systems give surprising leeway to apps, letting them do pretty much whatever they want. Mobilescope can let users peek behind the curtain.
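The alerting described above, sketched as an added example for an IT team vetting apps on a test phone; it is not Mobilescope's code. It assumes the proxy has already recorded each outbound request with the sending app, the destination host and the body (`None` when the payload was encrypted), and every app name, host and watched value is constructed.

```python
import base64
import hashlib
from urllib.parse import unquote_plus

# Constructed watch list: values the user has marked as personal.
WATCHLIST = {"email": "jane.doe@example.gov", "device_id": "A1B2C3D4E5F6"}

def wire_forms(value):
    """Forms in which a watched value commonly shows up in request bodies."""
    raw = value.encode()
    return {
        "plain": value.lower(),
        "base64": base64.b64encode(raw).decode(),  # only if encoded on its own
        "md5": hashlib.md5(raw).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
    }

def scan_flows(flows, watchlist):
    """Return (app, host, label, form) alerts for each outbound flow."""
    alerts = []
    for flow in flows:
        if flow["body"] is None:
            # Encrypted payload: contents unreadable, so only report it was sent.
            alerts.append((flow["app"], flow["host"], "encrypted", None))
            continue
        raw = flow["body"].decode("utf-8", "replace")
        text = raw + "\n" + unquote_plus(raw)  # check literal and URL-decoded
        for label, value in watchlist.items():
            for form, needle in wire_forms(value).items():
                haystack = text if form == "base64" else text.lower()
                if needle in haystack:
                    alerts.append((flow["app"], flow["host"], label, form))
    return alerts

# Constructed sample flows; app and host names are made up.
_udid = hashlib.md5(b"A1B2C3D4E5F6").hexdigest()
SAMPLE_FLOWS = [
    {"app": "FlashlightFree", "host": "ads.example.net",
     "body": f"udid={_udid}&email=jane.doe%40example.gov".encode()},
    {"app": "WeatherNow", "host": "api.example.com", "body": b"lat=38.9&lon=-77.0"},
    {"app": "NotesSync", "host": "sync.example.org", "body": None},
]

if __name__ == "__main__":
    for alert in scan_flows(SAMPLE_FLOWS, WATCHLIST):
        print(alert)
```

Matching on hashed and encoded forms matters because a check for the literal string alone would miss the device ID in the first flow, which leaves the phone as an MD5 digest.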