Real World Computing
The mobile threat
"The most widespread malicious programs at the moment are Cabir and ComWar, which we registered in over 30 countries, at which point we stopped counting. Cabir was the first virus for smartphones and was detected by the Kaspersky Lab in June 2004.
"The program itself is a concept and is not dangerous, being developed to test whether Bluetooth could be used as a distribution medium. However, the fact that Cabir makes use of Bluetooth all the time means it quickly drains a telephone's battery. Bluetooth's radius of activity does not extend much beyond 10m, making crowded areas such as transportation, sporting events and concerts the ideal places to spread Cabir.
"Another common virus is ComWar. It spreads via Bluetooth and MMS. Despite the fact that it is also a concept, it causes significant harm - users have to pay for MMS messages sent by the virus. ComWar has already been responsible for localised epidemics such as that in Spain in May 2007 when 110,000 smartphones were infected.
"Both viruses were developed for the Symbian operating system. Viruses for Symbian are currently the most prevalent. Malware for Windows Mobile does exist, but the relatively low usage of that operating system on smartphones means virus writers have paid less attention to it. The rise in popularity of smartphones will undoubtedly lead to the appearance of more and more sophisticated malware and new epidemics."
To my mind, this just backs up what Symantec told me: right now, there's a somewhat limited threat to certain older Symbian phones, and the viruses that do exist mainly seem to be non-destructive and with limited means for infection and spreading.
So I'll leave it up to you, dear reader, to decide whether you need antivirus software on your phone: both products I've mentioned cost around $30 and include a year's worth of updates. As for me, I really can't feel my credit card twitching just yet. These products aren't snake oil - I'm sure they work, I'm just not convinced that there's any need for them right now. But then again, you know what tends to happen when I say something like that in this column!
My location, your GPS!
Last month, I wrote about how the latest version 2 of Google Maps for Mobile (GMM) is able to find your approximate location without using GPS - it's all done by finding the ID of the cell tower that your phone is currently logged into, and then doing a database lookup to find its co-ordinates. It seems this has caused some controversy, so let me try to explain why.
The conventional way to convert a cell tower ID into a geographic location is to pay a small sum (typically 20p in the UK) per lookup to the relevant mobile network. Bigger players can pay a small fortune to buy the whole dataset, but this is normally prohibitively expensive. But Google apparently decided to bypass these usual channels: for some time now, it's been collecting data from people with GPS-equipped mobiles, and whenever one of them uses GMM on their mobile, with each request for a new map tile the application sends the phone's current cell tower ID to Google along with its current GPS co-ordinates. Over time, this has allowed Google to accumulate its own database of cell tower locations, bypassing any need to pay megabucks to the mobile networks. I think this is both very sneaky and incredibly clever (from a business point of view, if not technically), but some people are rather upset about Google's behaviour.
First, it appears that some versions of GMM's privacy policy didn't say that Google would be collecting data in this way, and second, even once the policy text was updated, the bit about location logging was buried deep in the small print and not made clear to users. Some users believe Google was "being evil" inasmuch as it should have announced to GPS-enabled users of GMM that their data connections were being used to build a cell tower location database. As it was, most GMM users were completely unaware of what had been going on behind the scenes.
