We interrupt this 2010 predictions column to predict trouble ahead, first for mobile banking apps, second for ISPs who stupidly piss-off my readers, and finally for buyers like me of Dell Vostro A90 netbooks. I further predict we’ll return with more prediction columns within hours.

First the mobile app problem. My friend Stephen Schaubach just noticed something about mobile banking apps that is very scary. He wrote about it tonight on Slashdot, but since he’s my friend (Stephen introduced me to my wife — I think that qualifies him as a friend, don’t you?) I feel okay about the duplication.  As for that introduction many years ago, Stephen was just showing her off, not realizing that I would see in her great potential as the mother of difficult children.

“While checking out Google’s Android app store I searched for a banking app to use with my bank,” wrote Stephen. “I was surprised to see three mobile apps listed and none of them released from the bank itself. I cannot say what any of these apps are doing behind the scenes for sure but the mobile app could certainly swipe your credentials and connect you to the bank at the same time a lot more convincingly than any phishing site could. Is this the beginning of mobile app phishing? It’s hard to believe nobody at the app store end is checking to see if the app has been legitimately released/signed from the actual bank it’s representing. It makes me wonder what other apps are out there mining people’s personal data, phishing, etc. and what can be done about this potential risk to safeguard the general public? Has anyone else run into similar situations? Anti-phishing software like Nokia’s Free Anti-Phishing app or mobile Safari’s similar feature wouldn’t protect the mobile user from an application doing something via code behind the scenes. Perhaps only a code walk-through or a legit digital certificate would remedy this situation. Any thoughts?”

I think this is potentially a huge problem that snuck up under our noses. And there’s more of it than just at banks. On my iPhone, for example, I have apps for Netflix and Red Box video rentals, neither of which was produced by those companies and both now know my account numbers and passwords.

Yes, there are outfits like Mint.com that ask for all our account numbers and passwords, but Mint at least has a lot on the line now that it is a part of Intuit. With many mobile app developers being one-man outfits, it’s easy for a bad guy to get away with murder by offering a service that appears to be a heck of a deal but is really being used for identity theft.

I just wrote a paragraph here explaining how I would go about running such a scam then realized that was just encouraging crime. Needless to say there are a number of common user habits that can be leveraged quite easily to obtain the most private user information. And what can be done probably is being done right now.

Remember that while your bank may cover financial losses that are their fault, your signing up for a bogus third-party mobile banking app counts as your fault and the bank probably owes you nothing.

Second complaint: Time-Warner Cable doesn’t seem to care about helping its customers fight crime. Here’s the story from reader Andy Barr back in my old stomping grounds of Holmes County, Ohio:

“My parents house was robbed and their computer stolen. I had installed www.logmein.com on the computer so when it showed up on the internet 18 hours later I was able to get the IP address and give it to the police, which in turn asked Time-Warner cable, the ISP for that IP address, for an address for the thief. Time-Warner has a web page specifically about how to get this information.

“It seems straightforward. However the police are computer illiterate. They had no idea what an IP address was but I explained it to them. The police submitted a request and then 10 days later Time Warner came back saying they don’t have a computer with that IP address. It seems the person who submitted the paperwork listed the wrong IP address.

“So they resubmitted again, waited two more weeks and this time Time-Warner said they needed a time and date when the computer was on the internet with the given IP address. I had told the police about the above web page but in spite of this they evidently did not put any time or date on the subpoena.

This is Bob again. We’ll get back to Andy’s story in a moment but my experience with cable modems and cable ISPs is that while their IP addresses are technically dynamic — that is subject to change at every login — in practice they hardly ever are changed.  Most cable Internet users have exactly the same IP address for years. Just to be sure I ran this information past another friend who was one of the architects of Time-Warner’s Roadrunner system and he confirmed that IP addresses are essentially permanent. So this particular dodge from Time-Warner is nonsense.

Back to Andy: “They resubmitted again and waited another three weeks. This time Time-Warner came back saying they now need a search warrant. The police submit a search warrant and now three months since the IP address was given to the police they still have no information from the cable company.

“After a few weeks of waiting, I used logmein’s pro version to connect to the computer and downloaded all my parents’ documents and pictures. I found a picture of the likely thief in front of the computer. I also have the person’s name and Myspace page, though the police don’t seem interested in tracking down the person using that information.”

I feel Andy’s pain, don’t you? Time-Warner Cable appears not to want to be bothered. In fact they are probably annoyed at the persistence and technical capability of Andy. If anyone from Time-Warner Cable is reading this or if you are a Time-Warner Cable customer who doesn’t want to have a similar experience, now would be a great time to speak up.

Third complaint: My son Fallon’s Vostro A90 netbook, which I wrote about right after Christmas,  was finally repaired successfully by Dell but now the Vostro thinks it is an Inspiron 10V.

It took Dell a few days to notice my column about Fallon’s A90 that wouldn’t charge and my many attempts to get it fixed. I eventually got a call from a very nice guy in Dell PR who became my official contact, whatever that means. It sure didn’t mean better customer service. I got a call from Dell support saying that they had received the Vostro for a second motherboard replacement and I’d be getting an update from them just as soon as they heard from the repair depot, probably within min