There are these clever little ways to send money through text messaging – Yele does it to help humanitarian aid after the quake in Haiti. Just text “Yele” to a specific number to donate $5 bucks to relief efforts. What’s wrong with that? In this case it’s for a good cause, but the very same technique could be used by others with less-than-honorable intentions. Misplace your phone? Before that was a hassle of immeasurable proportions, but now it could mean more – the same level of financial vulnerability as losing your wallet and credit cards. You can read more on the worrisome tactics of post-disaster funding scams at CNet’s post by Caroline McCarthy.

And what about email? Did you know that you can be held responsible for transactions over email? These annoying post-transaction marketing ploys are promoted by sites like VistaPrint who offer seemingly countless offers after completing a sale, all of which will lighten your wallet a bit (or more). The offering site already has your payment information saved, and their ‘special offers’ from affiliate sites push transactions through that were never authorized, or were authorized through the sharing of an email address, but no disclosure of credit card information.

It makes me wonder… when will authentication for mobile phones actually make sense – for security and usability? And will there ever be a day when the majority of companies have scruples? I’m just sayin’.

In an interesting twist of events, a rogue app called “Droid09” was uploaded to Android Market, claiming to be an official online banking app from First Tech FCU. The fake app then attempted to collect user login information – thus becoming the first phishing app for Android.

It makes me wonder whether there is any way for an Android-phone user to know whether a downloaded app is authentic or not. While we usually go to the websites of the companies we know and trust to download software patches and upgrades, both Apple and Google are essentially the middle men in delivering web apps from various service providers. You can’t just go to the Electronic Arts’ website and download a game for iPhone. Consumers will be at risk as long as there is no mutual authentication mechanism that would authenticate the service provider (and/or their app) before the user is asked for their security credentials.