New iPhone Raises Smart-Phone Security Concerns - Page 2

Unlike personal computers and laptops, smart phones have not seen much in the way of malware outbreaks. The biggest threat to smart-phone security is simple absentmindedness, according to Yankee Group analyst Andrew Jaquith.

"Leaving your phone in a taxi or in an airport X-ray bin is the biggest security risk," Jaquith said. "Thus, the best thing companies can do is make sure the phones are backed up or synced to a server [or desktop]. Enterprises also need a remote-kill tool that will make sure the phone is turned into a brick if it is lost."

The iPhone 3G's SDK (software development kit) will certainly make it easier to write native software that behaves badly, he said. But, if anything, the SDK does more good than bad because applications will need to be digitally signed to run and the certificates used to sign the binaries are issued by Apple.

"Although details on how Apple is enforcing this are a little fuzzy, it seems pretty likely that they will have to tools they need to prevent bad software from running," Jaquith said. "If software turns out to be malicious, Apple could take several actions. If it's an [application] that's available through their App Store, in theory they could simply remove it from the App Store directory, or revoke the developer certificate that signed the application. ...

"In practice, we'll see how this goes-it implies that Apple will need to police the apps they offer in their store. How vigorously they do this is an open question."