A new free Android app is seeking to dramatically improve security for smartphone users in the developing world - and make the world's cyber-security ecosystem safer in the process.
The app, which will be available for download later today, is made by Quad9, a nonprofit organization founded by a coalition of tech companies and law enforcement agencies that offers free basic cyber-security to tens of millions of users across 88 nations - especially people who lack other cyber-security protections.
By expanding to mobile, the organisation will increase protections in poorer parts of Africa, Asia, and Latin America, where users are far more likely to use smartphones as their only route to the Internet, Quad9 Executive Director John Todd told The Washington Post in an exclusive preview of the app's release.
Hacks in those nations are often far more damaging to victims because they lack a financial cushion to recover from the losses, and banks and insurers are less likely to cover them, Todd said
"Bricking a smartphone that costs one month of wages is a much more serious issue than bricking a smartphone that costs one day of wages," he said, using a slang term for a digital attack that renders a phone or computer as useless as a brick.
But the bigger idea is to improve the whole cyber-security ecosystem, Todd said - because hacking campaigns that start in the developing world rarely stay there. Hackers often target the least protected systems - wherever they are in the world - and then use the computing power they've stolen there to send phishing emails or launch denial of service attacks against much juicier targets, including major companies in the US and elsewhere.
"By protecting these individuals, we're protecting the larger Internet," Todd said. "We're keeping the Internet a more stable place."
And US law enforcement has a vested interest. Quad9 was founded in 2017 by a coalition that includes IBM and the Global Cyber Alliance, a nonprofit organisation launched by groups including the New York County District Attorney's Office and the City of London Police. These cities lose millions of dollars to global cybercrime networks and local police and prosecutors launched the coalition as a way to proactively respond to threats outside their borders before they turn into crimes. Quad9 still receives much of its funding from those organisations but is managed fully independently, Todd said.
The organisation offers Domain Name Service, or DNS, protection, which means it prevents people from connecting to malicious websites - such as phishing sites that look like a bank's website but are actually stealing log-in information. That means it won't protect users from all hacks, but it will protect against a lot of the easiest and most pervasive ones, Todd said.
Quad9 is far from being able to fix the scourge of global hacking, but Todd thinks it can make a sizable difference - especially in several nations where it's the only DNS system that offers similar security and privacy protections.
And there's evidence it can be extremely helpful. Quad9 deflects at least 10 million connections to malicious websites each day, Todd said, and can deflect more than 40 million malicious connections on a busy day.
In one case, a mobile carrier in Kinshasa, capital of Congo, adopted the service for all of its users, and the number of blocked sites just in that city surged to about 150,000 per day, Todd said.
It's difficult to say how widely Quad9 is used because the organisation doesn't store information about users, Todd said. It serves at least "tens of millions" of people each day, and Todd expects that to grow by double digits with the Android app.
The organisation's growth in the developing world is about double what it is in the developed world, he said.
Quad9 has tried to foster that growth by building out infrastructure in countries where it doesn't make economic sense for for-profit cyber-security companies to locate - including 33 locations in Africa crossing 27 countries - so people there can use the service without dramatically slowing down their Internet speeds.
© The Washington Post 2019