Hacker News
by SamAtt 6132 days ago
What the author misses is phones present dangers and costs that PCs don't. So his philosophy of "we've gotten by in the past and our PCs never had a review process" doesn't hold up.

In fact, it ignores the fact that a large percentage of the computers out there are part of one botnet or another. On the desktop it isn't that big a hindrance since high speed connections are cheap and unlimited. But if we open cell phones up to the same risk you're going to see serious consequences.

Forget bots pushing spam, forget monstrous phone bills, imagine a cell phone trojan that actually launches calls. It's a lot easier to create an effective DoS attack against phone lines.

There's a reason why even open leaning Google has a review process for their app store.

3 comments

> There's a reason why even open leaning Google has a review process for their app store.

You're either misinformed or being somewhat disingenuous comparing the Android review process to the App Store one. The Android review process consists of pretty much instantaneously running a piece of sanity check software against the putative application, and then immediately approving or rejecting it.

Yes, Google still has the ability to reverse decisions later, but this is more or less the only part where their "review process" is on par with Apple's. Anyway, you would expect that anyone running an application store would maintain this ability, at the very least to remove abusive or somehow illegal pieces of software.

(I'm not saying that I would never disagree with Google's particular decisions regarding their ability to remove applications. I'm saying that the Android model is pretty much exactly what the article is proposing for the App Store.)

Where did I say that Apple's app store process was identical to Google's? Or even close?

The original article quoted a post endorsing the idea of no approval process while saying the person writing that article was right. To me that's an endorsement of no approval process and I was responding to that by saying even Google has some kind of approval process in place.

The great thing about phones though, is that they work both ways. You get one line going in, and one going out, and that's all you can work with. If that was regularly being tied up, you'd notice fairly quickly and expect someone to fix it.

Your computer, on the other hand, can take at least several dozen concurrent connections. If a few of those are tied up sending spam, or being part of a DDoS, you are barely going to notice, especially if you're the type of user who is only on the computer to browse "websites".

I'm not sure this would make a difference. Even the largest companies generally only have a couple hundred external lines.

(internal office phone systems don't give each number its own dedicated external line for those who don't know)

So if you can manage to infect just a very small amount of people you can wreak some pretty serious havoc. And since the iPhone will return to the program once the line is disconnected you could launch a pretty effective attack against a company's phone lines.

Right, but the iPhone user would find it a lot more noticeable. The reason botnets can exist is because the users of the infected computer don't try to fix it. With a phone, the incentive to fix the problem is much bigger: it eats up 100% of your available resources every time it attacks someone.

Yes, if the people making the malware were complete idiots and ran down people's batteries it would be noticeable. But, as on the PC, I'm sure they could find a way to make it just subtle enough to not be noticed. Estimates place the number of personal PCs infected with some kind of malware as high as 89% (http://www.webroot.com/resources/stateofspyware/excerpt.html) so I have to believe they could find a way to con a good percentage of cell phone users if given the chance.

That is because malware is a very general term, since it applies to everything from a full blown virus that destroys your computer to a tracking cookie that reports back to a server what you do online.

The reason malware is able to run rampant on computers is simply because of their versatility. A piece of phone malware is fairly limited. The botnet analogue is an auto-dialer, which completely ties up the phone's primary resource (its phone line). On a botnet, it may tie up a good portion of the computer's connection, but enough gets through that the user just deals with it.

Actually, if all the malware was doing was draining the battery I doubt the phone users would notice at all. They would assume their phone was getting old and losing its charge, the same way users now assume the reason computers get slow is because they're getting old.

I just don't see any reason for phone-based malware. There are two types of malware: High intrusion and Low intrusion. High intrusion are things like Botnets and Auto-spammers. They tie up a lot of the computer's resources in order to make a profit off of them. The Low intrusion malware are things like tracking cookies and keyloggers. They exist because they gather data, and then send it en masse to a server, where it is analysed and sold.

High intrusion on a phone does not have any place. The user will take their phone back to their provider because it doesn't work. You can't tie up just part of a phone line, it's all or nothing. You could tie up part of the internet connection, but the user is paying for that out the nose and will notice any sizable use of the connection.

Low intrusion is possible, but users (at least from my experience) don't do anything particularly useful for that kind of malware on their phones. You can steal their browsing history (maybe), or their call logs/messaging, but the second isn't valuable (a little, but not much, definitely not worth the risk), and the first, from my experience isn't valuable. Users just don't go to those high value sites (bank sites and the like) on their phones.

Hell, if botnetted PCs started racking up huge erm, phone bills, maybe people would actually maintain them in the first place!