stephen.schaubach writes: While checking out Google's Android app store I searched for a banking app to use with my bank. I was surprised to see three mobile apps listed and none of them released from the bank itself. I cannot say what any of these apps are doing behind the scenes for sure but the mobile app could certainly swipe your credentials and connect you to the bank at the same time a lot more convincingly than any phishing site could. Is this the beginning of mobile app phishing? It's hard to believe nobody at the app store end is checking to see if the app has been legitimately released/signed from the actual bank it's representing. It makes me wonder what other apps are out there mining people's personal data, phishing, etc. and what can be done about this potential risk to safeguard the general public? Has anyone else run into similar situations? Anti-phishing software like Nokia's Free Anti-Phishing app or mobile Safari's similar feature wouldn't protect the mobile user from an application doing something in via code behind the scenes. Perhaps only a code walk-through or a legit certificate would remedy this situation. Any thoughts?
You can bring any calculator you like to the midterm, as long as it
doesn't dim the lights when you turn it on.
-- Hepler, Systems Design 182