Tim ‘TK’ Keanini, CTO at Lancope, has compiled his top three reasons why a shopper’s most trusted device is a mobile device and not a PC.
Reason 1. Mobile applications built specifically for the shop are safer than a general-purpose browser
On tablets and smartphones, retailers have their own applications these days, and while they could be targeted directly by the cyber criminals, you at least don’t have to worry about the common browser vulnerabilities like cross-site request forgery and other nasty attacks like man-in-the-browser. While nothing is 100% safe, bad guys have only a finite set of resources, so for them to develop advanced exploitation for the hundreds of retail applications out there is just not feasible. The larger and more successful retailers like Amazon are no newcomers to cyber threats, and they have done very well to keep their applications up to date and secure.
Reason 2. Mobile applications play in their own sandbox
When most mobile operating systems were authored, malware had already been on the scene wreaking havoc in the general operating system world of PCs. In the mobile environment, each application is partitioned in such a way that it has only what it needs and nothing more. This technique is known as sandboxing, and it clearly spells out what services and information an application will be able to access, and requires the user’s permission on these options before installation. Windows 8 has begun to bring this technique to the PC world, and I think in a few years, the thought of an application just having free rein to anything it needs will be crazy talk. Remember, malware is just another application, and if given its own sandbox, its capabilities are greatly limited. This does not excite the cyber criminals, so they just go play somewhere else.
Reason 3. Legitimacy of applications
The distribution of applications on mobile and tablet operating systems greatly differs from that of the PC. General PCs grew up in an age where the chain of custody or provenance of any application was not important, and thus, malicious applications could easily end up on your computer, and your recourse was limited as there was just no way to trace them back to the author. The Microsoft Store, Apple Store and Google Play are all authoritative over the distribution of applications, and as long as there are no jailbroken iOS devices or sideloaded applications on Android, there is a clear chain of custody back to an author such that even if a malicious application tries to sneak by, mitigation and remediation are swift. This fact, combined with Reasons 1 and 2, makes holiday shopping on your tablet or smartphone much more secure than on your PC.
Everything I have said so far is relative in that no operating system is completely safe, but as we enter the 2013 holiday shopping season, I am confident in asserting that given the three reasons above, tablets and smartphones will be safer devices on which to carry out your holiday shopping. I would even go so far as to say that this applies to your online banking too. For increased security, make sure to audit your debit card, credit card and any other financial accounts from your tablet and mobile device via the purpose-built applications delivered from the appropriate app store.