This whole issue is primarily a point about food labelling - people were expecting beef and they got horse, but the other point is that this food was really cheap, so the pressure within the supply chain to get cheap ingredients was very high. This was highlighted again in today's Sunday Telegraph article: "Why meat can no longer be considered a cheap commodity". Mark Price, the CEO of Waitrose, says in the article that "if ... there is a requirement to hit a price point for consumers under financial pressure then there will be an inevitable strain in the supply chain. If the question is “Who can sell the cheapest stuff?” I’m afraid it is inevitable that there will be a slackening of product specifications".
This is also the case in other industries. The mobile industry has for years been ruled by the device purchasers of the mobile network operators. Inevitably, they don't want to pay for security. This is because a) they don't understand it and b) they don't see the consequences of not having the security included. Only recently has there been a 'mild' expectation that security is included, but it should be part of the standard feature set. This is also the attitude of the consumer (rightly). Customers have the right to expect that what they buy is safe and secure and isn't going to harm them. They also expect that if a bank provides them with a secure banking app, it does what it says on the tin - that it is labelled correctly and they're not getting horse meat when they paid for beef.
Supply Chain Value, Integrity and Security
The race to the bottom in the mobile supply chain has been typified by the first thing to go: security. That means both secure hardware components that add $1 to the bill of materials and the security that is gained through software quality - proper security testing and secure coding cost money. You can see this in many areas of the mobile industry, from equipment vendors who sell really poor quality product at super-cheap prices for inclusion inside the mobile networks, through to femtocell vendors and device manufacturers who again sell devices without adequate security which end up in consumer hands. On top of this, the supply chain integrity of such cheap products is questionable - what if the chip that you thought was made by Qualcomm was actually a counterfeit device? What are the implications for security? One of the key questions for cyber security is the security and integrity of the supply chain for key equipment. Another should be what the acceptable level of security is in equipment sold to consumers and how to assure that.
You Get What You Pay For
The same applies to mobile applications. The economics of the current apps ecosystem just don't stack up properly. For mobile app stores to test every application properly would cost more than the companies would make from them, and the vast majority of apps are free. So what incentive is there for anyone in the apps supply chain to securely code them or check that they are ok? Luckily in the main app stores there is (at the moment at least) an adequate level of testing and checks in place, but for the rest of the world that doesn't have access to those app stores, the situation is dire. Just as with the horse meat scandal, it is the poorest people in the world that suffer the most. They have no choice - they're almost forced to download apps from questionable sources and they've got to like it, because there is no other choice for them. Unlike the food safety world, the weird situation in the app environment is that you also have an industry that constantly tells consumers that they might be eating horse (even though they're not) - that is the anti-virus industry. It is also completely unregulated and free to make unsubstantiated statements by making incredibly tenuous links to rare incidents in other countries that are not linked to the phone you use. This wanton manipulation of statistics for profit is as irresponsible as selling poor quality and mis-labelled products and needs to be reined in.
Horse Meat for Beef Prices
A few years ago when new European health and safety legislation was introduced around abattoirs in the UK, the smaller abattoirs were up in arms saying that they couldn't afford to implement the new rules. They also argued that consumer choice would be impacted as only the big abattoirs would be able to supply what would be a limited choice of meat. However, look at this from the consumer point of view - what they're really saying is that they can't meet adequate requirements to supply you meat that isn't going to harm you. What would you want: safe meat or a bit more choice?
With global austerity in full swing, scrimping on things that people don't consider to be essential is going to happen. The problem is, security in mobile communications products is essential these days for lots of reasons. Perhaps there need to be minimum standards for industry around getting 'adequate' security in order to prevent this race to the bottom for cost reasons. As a consumer, I'm paying beef prices and often getting horse meat.