WASPA refines code of conduct to protect consumers

Johannesburg, 27 Aug 2018
Read time 4min 00sec
WASPA's revamped code of conduct establishes the security measures required from members.

The Wireless Application Service Providers' Association (WASPA) has amended its code of conduct to address the security risks posed by malware and ransomware downloaded by users from app stores.

The non-profit self-regulating industry body, which consists of 400-plus members, says its new code of conduct was adopted by its management committee following a WASPA general meeting in May.

Established in 2004, WASPA represents the interests of local wireless application service providers. Its code of conduct is endorsed by Cell C, MTN, Vodacom and Telkom Mobile.

The newly amended code, version 15.9, aims to help members address issues relating to securing their platforms against fraudulent attacks. It establishes the steps required by the networks to protect consumers against unauthorised activity on their mobile devices, according to WASPA.

It also outlines the proactive actions required by the mobile networks to prevent and mitigate the associated risks.

"WASPA's world-leading code of conduct sets the standard for responsible self-regulation. We continually refine the code according to which all members are expected to conduct their business. The potential threat posed by malware is a growing one and one that needed to be addressed," explains WASPA GM Ilonka Badenhorst.

The code has been continuously revised since May 2014 to reflect new challenges within the industry that provides SA's cellular users with mobile content and applications.

One of the newly amended fraud prevention clauses (clause 4.12) stipulates: "Members must take reasonable steps to prevent their networks and systems from being used in a fraudulent manner. If a member becomes aware that one or more customers have been billed and/or joined a service as a result of fraudulent activity (eg, malware installed on mobile handsets), the member must remove all affected customers from the service and refund those customers any resulting charges."

Another new clause (5.6b) stipulates: "Members must have honest and fair dealings with their customers; where a member passes on information about a service and/or content to a mobile network operator, for example, for display in a confirmation step presented to a customer, that information must be relevant to the service being provided and must not be misleading to the customer."

According to WASPA, the code is aligned with the Electronic Communications and Transactions Act, the Consumer Protection Act and the Protection of Personal Information Act.

"This means members who align their activities with the WASPA code are in full compliance with the applicable legislation, and now also with regulations recommended by international counterparts."

A PDF version of the code showing the changes from the previous version is available for download via the code archive page: http://waspa.org.za/coc/archive/. A copy of the revised Code can be found here: http://waspa.org.za/coc/15.9/.

App appetite

Ericsson predicts there will be over six billion smartphone users worldwide by 2020, as companies embrace the idea of 'bring your own device'.

However, this increase in mobile phone usage brings many pressing security threats, warn experts.

While mobile malware hasn't quite caught up to its PC counterpart in terms of volume or complexity, Kaspersky Lab's experts are seeing more mobile-specific malware designed to prey on smartphone features or tablet vulnerabilities. These include mobile ransomware, mobile spyware, MMS and SMS malware, mobile adware and SMS Trojans.

Kaspersky Lab's recent consumer risks survey revealed smartphone users in SA are becoming increasingly concerned that their mobile apps may be monitoring and tracking them, or sharing their data.

"Around 71% of South Africans are cautious about sharing their location data with Web sites and applications. Another 65% said they are 'very concerned' that someone can see everything they do or watch them on their device, and 59% were afraid they could be tracked down using geolocation information on their device."

In 2015, researchers from the University of Cambridge found that 87% of all Android smartphones were exposed to at least one critical vulnerability. And Apple isn't immune: in the same year, 40 apps were pulled from the official app store because they were infected with XcodeGhost, a form of malware designed to turn Apple devices into a large-scale botnet.

According to High-Tech Bridge, a provider of Web and mobile application security testing services, 83% of mobile apps within the banking, financial and retail sectors have a mobile backend vulnerable to at least one high-risk security vulnerability.