Social Applications – Are They Safe?

There are so many small, fun & useful applications these days that we tend to download and/or use them without a second thought - but is it safe to do so? There are many tales of malicious applications which steal passwords, direct you to virus infected videos and more. How can we continue to have faith in social applications, without stifling the creativity and innovation that comes with new apps from new players?

If you are anything like me then you probably download various applications from the internet – some for serious purposes, others just because they make your life that little bit easier, and others purely for fun.  But are these applications safe? – do they contain viruses, aim to steal your passwords or have other malicious intent?  Where did you hear about them?  Is security an issue for you?

If we go back several years, most applications were fairly significant and we probably all spent a little bit of time researching them and their background, user comments, etc before downloading and/or purchasing.  Now we have a myriad of quick and easy applications at our disposal for immediate use, for example on Facebook, on the iPhone and Android app stores, et al.  They are so easy to get, download and use that it seems no issue at all just to do so and give them a quick try – I for example have downloaded 74 iPhone apps of which I probably use no more that 10 with any regularity at all.

So why do I think this is an issue at all?  Two news stories have combined in my mind to set me thinking.  The first is Apple getting a fair amount of grief for the way they tightly control their App store with applications having to go through a two week approval process; this being compared to the Android store where any app can be posted and users are relied upon to identify and highlight rogue apps. The second story is actually a slowly increasing wave of stories about scamming applications on Facebook that send you off to web sites which host various forms of malware, and those which attempt to steal your password.  Now Facebook has a Verified Applications process, though it seems only a small number of apps have this (shown by a green tick) and I am not sure how many users are really aware of the mark; Facebook also scan their application’s infrastructure (I know this because they have been in contact with me regarding our app SocialSafe, and they have recently banned a whole number of apps), but they clearly cannot be on top of all the apps that come through.

We therefore seem to have two approaches at play:

  1. the walled garden approach (aka Apple’s App store) where the gate guardian decides what can and cannot get through – in this situation applications should be safe, but is the guardian playing fair with what gets through (Apple have taken a lot of flak recently about not immediately letting the Google Voice app through);
  2. the let anyone post an application and remove bad apps afterwards approach – allows a rapid innovation cycle and meets the open market needs which is really what the social web should be about; however, is prone to the unscrupulous passing off apps which can destroy data, hijack your computer, etc as real ones.

So is there an easy solution? – probably not!  The answer I have come up with is to have a mix of the two solutions.  Have an “Approved” app scheme where the underlying owner of the ecosystem which the app runs on (Apple, Facebook, Google Android, etc) defines strict rules and assesses apps against those rules and gives the apps, if they pass assessment, the right to use some quality logo.  Then have the free for all, any one can post an application process – still using rules to define what is expected of an app, but allowing apps to be posted without any prior checking and relying on the user community to raise to the ecosystem owners any bad apps.  In this way as a user I can choose the level of risk I wish to expose myself to – if I am very risk averse I go only with approved apps; if I am a little more open I can go with unapproved apps but those I know reputable people recommend or are from reputable companies I trust already; if I am more adventurous I can try the unapproved and unknown apps.  This does require knowledge of the risks from the users – something the ecosystem owners would need to ensure was clear to their user base.

In this way we could get the best of both worlds – hopefully.