• Mobile Broadband
• Mobile Lifestyle
• Mobile Planet
• Industry Technical Solutions
  • PathFinder
  • Open Connectivity
  • Personal Instant Messaging
  • Evolution to IP
  • IP Interworking
  • Network Sharing
  • Fraud & Security
    • IMEI Database
    • Mobile Application Security
    • GSM Security Algorithms
    • Security Accreditation Scheme
    • Security Advice for Mobile Phone Users
• Public Policy
•  

Mobile Application Security

The market share of mobile user equipment with open operating systems is steadily increasing and will continue to grow rapidly in future. Openness offers clear benefits to customers, device manufacturers, software developers and operators as it facilitates the development of rich and compelling applications. However, openness also presents challenges and risks and malicious applications are likely to increase in number and complexity in the future. Therefore, mobile application related security is a key issue for the mobile industry.

GSM Association Mobile Application Security Initiative
The GSM Association identified the need for a more coordinated approach to application security across mobile operating systems to reduce the risk of malware whilst facilitating users and developers. A dedicated project team embarked on an industry initiative to proactively define and promote an effective solution across open OS platforms and operators. From the outset, the focus was on prevention rather than detection and cure and the objective was to use application certification and terminal security policies to create an environment designed to reduce the risk of malware impacting on consumers.

The challenges for the Mobile Application Security Special Project Team (MAS) were many and included the need to:

• Proactively protect mobile users from fraud and malicious applications
• Assure quality and accountability of mobile applications
• Maintain trust in mobile platforms (and avoid similar problems in the Internet world)
• Secure existing and future business
• Protect operators against costs originating from malicious applications
• Facilitate certification processes to reduce barriers for developers
• Ensure consistency across different OS platforms and operators.

Findings Published
In the course of its work, MAS defined a set of aligned terminal and certification programme requirements necessary to limit security risks and to support stakeholder needs. The initiative identified gaps in the existing terminal and certification process implementations and presented its key findings and recommendations to GSMA members and other key stakeholders on a confidential basis. A summary report of the MAS output is now available.

What's Next?
Although MAS has concluded its work, much remains to be done to ensure the barriers necessary to reduce the risk of malware are erected. Much of the necessary follow on work is already underway in the Open Mobile Terminal Platform (OMTP) and industry players are strongly encouraged to engage in the ongoing activities to further validate and strengthen the countermeasures already identified.

For further information on the Mobile Application Security project please contact James Moran