Today’s smart phone has all the speed, storage, and network connectivity of a desktop computer a few years ago. Therefore, they are a treasure of personal information – and possibly the next battleground for computer security.

What makes the interesting smart phone – the ability to customize them by downloading an application – is what makes them dangerous. Apps make a real mobile computers, and Apple’s App Store has become a key factor in the success of mobile phones. But the application also makes smart phones target for cyber criminals.

Apple knows that it will not take more than a few malicious applications to damage the reputation of the iPhone. That is why the App Store is a walled community. The only apps that have are those listed have been approved by Apple. To get approved, the developer must create a developer account and pay an annual fee. A team at Apple evaluate and approve any version of any application that is made available. Apple reportedly turned down about 10 percent of applications submitted to the App Store because they will steal personal data, they contained “inappropriate content,” or is designed to help users violate the law.

Google has been doing fundamentally different approach to ensuring the security of a smart phone running Android. Like Apple, Android also has a store, called Android Marketplace, where users can download an application. But unlike Apple, any application can be uploaded to the Android Marketplace – Google did not evaluate it first. What Android protect users from malicious applications is the security model is based on “ability.”

Each application must tell the phone Android OS what abilities are required. When

You install applications, operating system capability list of these applications need to run. You can then decide whether their ability is consistent with what would be the application claims. For example, applications TaxCaster Mobile from Intuit requires “full Internet access” because the need to take your input, send it to Intuit’s servers, and show results. On the other hand, from Slacker Radio Slacker application requires Bluetooth, full internet access, modify / delete access to your SD card, the ability to change audio settings, the ability to read the identity of incoming phone calls, the ability to change the state Wi-Fi, and the ability to prevent your phone from sleep.

Capability-based systems have the advantage that imposed by the operating system. Not only is there a way for an application to do more than it says. It also does not depend on the vigilance of human screeners.

Problems with capabilities is that there is no way to ensure that the application will act in accordance with the trust given it. For example, back in December has posted a Web banking applications in the Android Market that appears to the First Tech Credit Union. It turns out false applications – just another phishing scam. Google removed the old rogue app after they were found, but it is unclear how many people fall for the scam.