PhonepayPlus, the UK regulator of premium rate telephone services (PRS), hosted a summit yesterday for the mobile industry, internet security experts, law enforcement bodies and GetSafeOnline. The summit was designed to tackle the emerging threat of PRS malware attacks on smartphones. It was the first meeting of its kind, and agreed to take steps to develop greater intelligence sharing between industry, regulators and law enforcement to help early detection and disruption of mobile malware attacks. The summit also agreed on the importance of ensuring that consumers are properly informed about malware risks and the appropriate steps they can take to help protect themselves.
Malware involves the insertion of malicious code into computer programmes or applications. This can result in “trojanised” apps that may appear totally normal to consumers, but are, for example, programmed to dial premium rate numbers from the consumer’s handset without their knowledge or consent.
Malware has been around in the PC environment for a number of years. PRS malware in the mobile environment is relatively new and is still small in scale compared to malware on PCs. However, the rapid development and penetration of smartphones clearly creates opportunities for malware on mobiles to become more prevalent. The House of Commons Science and Technology Select Committee’s recent report on malware and cybercrime states that while approximately one in three adults use a smartphone, “there is a distinct lack of understanding around related security issues”. The report also noted that there was an 85 per cent increase in malware detections on one platform in the first six months of 2011.
The summit and the actions emerging from it represent a commitment by all parties involved to deal proactively with this threat. The objective is to ensure that the UK continues to be a market that is well protected against online criminal fraud, so that consumers can continue to use premium rate and other mobile services with confidence. 
The general message to consumers is that they should not be unduly alarmed and they should bear in mind that the UK is a well-protected jurisdiction. However, they should be aware that malware attacks can happen on their mobile and they should take appropriate security precautions, as they do on their PC.
PhonepayPlus advices consumers to treat smart mobile devices in the same manner as desktop computers; to stick to reputable app stores; and to “be aware of clicking on in-app ads and notification messages”.
