The smartphone buzz in '09? It's not a product
The smartphone industry is approaching a security crossroad and fast: whether to open up and by how much.
There's already a lengthy wish list as users ponder the invention of the "ideal" smartphone in 2009. All well and good. But I submit that next year's most important technology development won't have anything to do with a new feature or application.
Instead, it's going to boil down to whether mobile device makers open smartphones as widely as the personal computer. Manufactures and carriers, scared to death about the possible security implications, may decide that it's wiser to instead keep their devices closed. How long they can ignore the pressure is unclear.
That's because it's only a matter of time before smartphones supplant mobile and desktop PCs--maybe not today, but eventually. A recent report on mobile Web usage forecast the number of highly capable Internet browsers on smartphones expanding from some 130 million units this year to around 530 million by 2013.
Even before the market reaches that point, the implications for smartphone security are likely going to be profound. Not the least because smartphones will face the same sorts of security and virus breaches that have become commonplace in the PC scene. Let's face it, people are creatures of habit and if past is prologue, they'll get lazy about virus protection. Odds are they're going to commit the same stupid acts of omission and commission with their smartphones that they do with their computers.
"Smartphone owners have been sending mixed signals about whether they see the need or the responsibility to deal with security, or whether they see it as the responsibility of carriers to put it in right out of the box," said Jan Volzke, a McAfee exec I spoke with recently.
If you think about how people have used their cell phones, it's basically been for sending messages and communication only. Only recently have devices gotten more complex. When it comes to Internet viruses, worms, or phishing, it's all available.
That's where the pushing and pulling between advocates arguing more open is better and those arguing just the opposite becomes especially relevant. For the companies behind Android, the iPhone, the BlackBerry, and Symbian, more openness means more software development and thus, more creative applications in the market. But as Khoi Nguyen, Symantec's group product manager for its mobile security group, told me, the downside is that this invites the attention of malicious virus writers.
"New technologies are being introduced. Lot of these smartphones have Wi-Fi connections and lots of users will go onto Wi-Fi connections or install voice over IP apps on their devices," he said. "It will be interesting to see how that plays out and to see whether hackers try and take advantage. We expect that they will."
So why haven't there been major smartphone attacks yet?
Chalk it up to the absence of anything approaching the Microsoft "monoculture" in PCs. The smartphone market is fragmented among Symbian, Windows Mobile, Apple, Java, etc., thus making it harder for writers of malicious code to come up with their incarnation of (literally) a "killer app." Turns out then, notes Volzke, that the No. 1 protection in mobile boils down to counting noses: "It's still easier for hackers to make money working on the PC side than on the mobile side...Fragmentation protects us and equals out to a very poor return on investment (for attackers). "
Not exactly a consoling thought but it does mean that we've bought some time. How long, of course is anybody's guess.