The explosion in smart phone apps and growing number of users has created an opportunity for criminals to write apps that steal IDs, bank accounts and the like. When they succeed in getting unsuspecting users to download their malicious software, who should pay the damages?
We are definitely seeing an increase in criminal activity.
The question is arising in articles such as the ominously headlined article, “Dark Side Arises for Phone Apps”, in the Wall Street Journal on June 4. While Apple and Blackberry vet their apps, Google acknowledges that it checks for problems only when notified. An assistant director of the FBI’s cyber investigations division told the Journal, “We are definitely seeing an increase in criminal activity.”
Who is responsible for damages from a malicious app that steals private information? Who is liable when software turns a mobile phone into a spamming machine or distributor of malware?
The technology is so new that there are few cases and even fewer precedents. If an online store for apps vets them before putting them on the virtual shelf, is there an implied liability for not taking proper care? What about Google, which operates a bazaar for apps?
Roel Schouwenberg, a senior malware researcher at Kaspersky Lab Americas, says that marketers and others could be blamed for those problem. In an interview with MobileMarketingWatch, he said he expects Google Wave, iPhone and Android could sustain heavy cyber-attacks throughout 2010. The victims, whether they be individuals or businesses, will look for legal help in recovering from losses.