Blog / What do Browser Plugins and Mobile Apps Have in Common?
They’re both more dangerous than you might think.
While it’s true that topics like password security, ransomware, and phishing attacks are serious issues in the cybersecurity industry, big problems don’t just disappear, and their solutions are complicated. Not only that, but writing about them can get repetitive sometimes, which is why I try to only write about those topics when there’s some new development.
But there hasn’t really been much to say on those issues lately, so although that introduction is just a touch misleading, I’m going to take a break from the ongoing big stuff and talk briefly about an often unknown side of cybersecurity: browser plugins and mobile device applications.
Now, at first blush browser plugins and mobile apps might seem very different. They’re different in their capabilities, how they are built, how they are installed, and just about every other way way imaginable. However, in reality they only seem incredibly different and there are at least a few topics they share common ground with each other..
The assumption of security
First off, remember that mobile apps and browser extensions are hosted on a service portals, like Apple’s App store, and Google Play (among others). Both services like to highlight security claims about pre-screening apps to ensure they’re safe for users. But of course no process is 100% perfect. In fact there have been plenty of times that malware’s made it through screenings and been downloaded by thousands, hundreds of thousands, or even millions of users.
To be clear, I’m not suggesting these services are ignoring their obligations to check software loaded onto their service; I’m just pointing out that they aren’t perfect. Mistakes will be made. Malware gets missed. These things happen. A problem arises when those running the stores create, intentionally or not, the false impression that if an app is available on an official store then it’s 100% safe.
The myth of automatic removal
Of the two big problems with apps and extensions, the increasingly pervasive myth that problem or dangerous apps get automatically removed from a device is the worse of the two, primarily because it just does not happen. When malware is detected in an application, the app is of course removed so users can’t download it anymore. Sometimes the app developer is also banned, along with any other apps linked to their account. This can vary depending on the actual reason for the take down.
But make no mistake, the app or browser extension does NOT get automatically removed from your device, and though it would be possible to do so (it wouldn’t even be particularly complicated), the functionality doesn’t exist. A company going into your phone and removing applications unilaterally is a violation of numerous privacy and computer use laws in countries all over the world. And even though it’s technically simple to do, it would be incredibly difficult to implement because the exact privacy legislation involved differs from country to country. As a result, responsibility for removing dangerous apps falls on you, the end user. Which would be perfectly fine if the expectation were made explicitly clear, but that doesn’t often happen.
So if you’re concerned about malware on your mobile applications and browser extensions, then good. You should be. And to be clear, I’m not suggesting you should become paranoid about every little game you download. But from a security perspective, only load apps and extensions you truly need and if you trust the publisher. There’s a big difference between downloading an Adobe Chrome extension to read pdfs in your browser or a copy of MS Word to work on your next proposal, and downloading a sketchy third-party word processor from a Chinese developer you’ve never heard of.
See? While they’re not precisely the same, both browser extensions and app stores present an opportunity for malware to find its way into your system, and nether of them feature automatic uninstallation of the offending software. I told you they had something in common. Many of the biggest issues in cybersecurity these days are actually caused by misconceptions and hopefully I’ve cleared up a couple of them. If you’d like to learn more about the security issues surrounding apps, app stores, and browser extensions, contact our cybersecurity professionals and get some stress-free IT for yourself.
This Shakespeare quote comes from A Comedy of Errors; “How many fond fools serve mad jealousy!”
Be kind, courtesy your friendly neighbourhood cyber-man.