As mobile devices have grown ubiquitous, so has our exposure to malicious attacks against those devices. Michael Coates is the director of security assurance at Mozilla, maker of the popular Firefox Web browser. Mozilla plans to release its own mobile operating system, Firefox OS, sometime soon; with that in mind, Coates sat down with National Journal to discuss his approach to protecting users of handheld devices.
What’s problematic about our mobile-security habits today, and how is Mozilla trying to solve them?
When a user wants to install an application in Android, they're presented with a long list of permissions to agree to—or not install the app. In most cases, the user just really wants the app to work, so they click “accept.”
We've taken a different approach, where for any sort of permission that accesses specific user data—like the camera, the geolocation, the contacts—the app would have to prompt users when the app is actually running. And the reason this works is it gives users context. For users using an application to find restaurants in the nearby area, it would make perfect sense that geolocation is asked for. But if a user was playing a video game, and they wanted to advance to the next level and the game said, “We'd like to access your contacts,” the users wouldn't understand why they were being asked for it and would say, “That doesn't make sense at all; I'm not going to let you do that.”
What can developers do if the user says, “No, you can’t have access to that”?
The prompt can recur if you want, but you can also say, “Just remember this decision.” Obviously, dialogue fatigue would be something we're concerned about. We want to make sure we build security controls that are usable. If the user doesn't understand it or feels it's an annoyance, then it's not a win.
What happens if the user hits “no”?
Applications will be very much aware of the design for Firefox OS apps. So they need to be prepared, and we'll make very clear in the documentation that this is a user choice, that either answer could come back to you, and you need to decide in your application what to do next. Now, you might think a poorly designed application would then reprompt the user and keep asking, “Well, you need to say yes.” That's why we're going to have strong feedback mechanisms where you can say, “This is either a poor-quality app,” and you can rate it as such, or you could say, “This application appears to be malicious; they're really trying to get me to do something I don't want to do.”
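The app-side half of what Coates describes, as an added example that is not code from Mozilla or from the interview: a "find restaurants near me" feature on a platform that prompts for geolocation at the moment of use. The app asks only when the user taps the button, is prepared for either answer, and remembers a "no" for the session so the user is not nagged. The `geolocation` object is injected (it would be `navigator.geolocation` in a real app) so the flow can be run and checked outside a browser; the stand-in object and its coordinates are constructed for the example.

```javascript
// Added example, not Mozilla's code: a restaurant finder that requests
// geolocation in context, handles denial, and does not re-prompt.
// `geolocation` is injected (navigator.geolocation in a real app) so this
// runs outside a browser.

const PERMISSION_DENIED = 1; // PositionError.PERMISSION_DENIED in the W3C Geolocation API

function createRestaurantFinder(geolocation) {
  let locationDenied = false; // remembered for this session so the user is not re-asked

  // Calls onResult with { mode: 'gps', coords } when allowed, or
  // { mode: 'manual', reason } when the app must fall back to a typed-in location.
  function findNearby(onResult) {
    if (locationDenied) {
      // Respect the earlier decision: go straight to the fallback, no new prompt.
      onResult({ mode: 'manual', reason: 'previously denied' });
      return;
    }
    geolocation.getCurrentPosition(
      (position) => onResult({ mode: 'gps', coords: position.coords }),
      (error) => {
        if (error.code === PERMISSION_DENIED) {
          locationDenied = true; // a trust decision by the user: do not ask again
          onResult({ mode: 'manual', reason: 'denied' });
        } else {
          // Timeout or position unavailable is not a trust decision; a later tap may retry.
          onResult({ mode: 'manual', reason: 'unavailable' });
        }
      },
      { timeout: 10000, maximumAge: 60000 }
    );
  }

  return { findNearby };
}

// Constructed stand-in for navigator.geolocation so the example runs offline.
// It counts how many times the platform would have shown a permission prompt
// and answers every prompt with the given decision ('allow' or 'deny').
function fakeGeolocation(decision) {
  let prompts = 0;
  return {
    prompts: () => prompts,
    getCurrentPosition(onSuccess, onError) {
      prompts += 1;
      if (decision === 'allow') {
        onSuccess({ coords: { latitude: 37.3861, longitude: -122.0839 } }); // constructed values
      } else {
        onError({ code: PERMISSION_DENIED, message: 'User denied Geolocation' });
      }
    },
  };
}

// Runs the flow twice against a user who says no: exactly one prompt, two usable results.
function demoDenied() {
  const geo = fakeGeolocation('deny');
  const finder = createRestaurantFinder(geo);
  const results = [];
  finder.findNearby((r) => results.push(r));
  finder.findNearby((r) => results.push(r)); // second tap: no second prompt
  return { prompts: geo.prompts(), results };
}

// Runs the flow once against a user who says yes.
function demoAllowed() {
  const geo = fakeGeolocation('allow');
  const finder = createRestaurantFinder(geo);
  let result = null;
  finder.findNearby((r) => { result = r; });
  return { prompts: geo.prompts(), result };
}

console.log(JSON.stringify(demoDenied()));
console.log(JSON.stringify(demoAllowed()));
```

The fallback path is the point: an app that treats a denial as an error to retry is the "poorly designed application" Coates mentions, and the session flag is what keeps the second tap from producing a second dialog.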
Can network security be trained, or is the best way to rely on “nudging” cues?
In terms of training users, I think there needs to be a healthy level of security hygiene but we can't overly rely on that. We have to put users in situations where they have the right amount of information to make intelligent choices, and realize, when it's not feasible for them to make an intelligent decision, we need to have a default to put them in a safe position or realize that something else is a reasonable default.
But I think we have to be careful in how we look at that situation. An area that has failed for many different products in the past is asking the user too many questions where they don't understand why they're being asked. “This may be dangerous; click to continue” is a very hard question for a user. In Firefox OS, the developer needs to specify in their application. They'll submit at a tactical level something called a manifest. When an app says, “I want access to your camera,” it's going to say something like, “Well, to take a picture of you so we can set it as an avatar for this game.” That way the user understands what security decision they're making.
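A check a developer could run before submitting the manifest Coates describes, as an added example that is not Mozilla's code: it flags any declared permission that lacks the user-facing explanation the prompt is supposed to show. The manifest layout (a `permissions` object whose entries carry a `description`) follows the Firefox OS manifest.webapp format as recalled here and should be treated as an assumption; the sample manifest and the minimum-length rule are constructed for the example.

```javascript
// Added example, not Mozilla's code: lint an app manifest so that every
// requested permission explains itself to the user. Field names follow the
// Firefox OS manifest.webapp layout as recalled (assumption); the sample
// manifest below is constructed.

const sampleManifest = {
  name: 'Avatar Quest',
  permissions: {
    camera: {
      description: 'To take a picture of you so we can set it as an avatar for this game',
    },
    contacts: {
      access: 'readonly',
      // description missing: the runtime prompt would give the user no reason
    },
  },
};

const MIN_DESCRIPTION_LENGTH = 15; // assumed house rule: "Needed" is not an explanation

// Returns a list of problems; an empty list means every permission is explained.
function checkPermissionDescriptions(manifest) {
  const problems = [];
  const permissions = manifest.permissions || {};
  for (const [name, entry] of Object.entries(permissions)) {
    const desc =
      entry && typeof entry.description === 'string' ? entry.description.trim() : '';
    if (desc.length === 0) {
      problems.push(`${name}: no description; the user would be asked without context`);
    } else if (desc.length < MIN_DESCRIPTION_LENGTH) {
      problems.push(`${name}: description "${desc}" is too short to explain the request`);
    }
  }
  return problems;
}

console.log(checkPermissionDescriptions(sampleManifest));
```

Run against the sample, the camera entry passes and the contacts entry is reported; a description such as "Needed" is reported as too short, since the goal is a sentence the user can weigh, not a token that satisfies the schema.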
One idea Washington is really fixated on is foreign hacking. How do you prevent unauthorized access to the operating system?
The recent trend in desktop operating-system design has been to merge it with features from mobile operating systems. What kind of challenges does that present for you?
The items around user experience and design wouldn't be my area. But from a security perspective, the more we can unify the experience a user goes through, the better, because then they understand the security features they're interacting with.