Dark Side Arises for Phone Apps

09 June 2010 10:32 am, CTOF Team

Security Concerns Prompt Warnings

Online stores run by Apple, Google and others now offer more than 2,50,000 applications such as games and financial tools. The applications have been a key selling point for devices such as Apple's iPhone. But concerns are growing among security researchers and government officials that efforts to keep out malicious software aren't keeping up with the apps craze.

In one incident, Google pulled dozens of unauthorized mobile-banking apps from its Android market in December. The apps, priced at USD 1.50, were made by a developer named "09Droid" and claimed to offer access to accounts at many of the world's banks. Google said it pulled the apps because they violated its trademark policy.

The apps were more useless than malicious, but could have been updated to capture customers' banking credentials, said John Hering, Chief Executive of Lookout, a mobile security provider. "It is becoming easier for the bad guys to use the app stores," Mr. Hering said.

Unlike Apple or BlackBerry maker Research In Motion Ltd., Google doesn't have employees dedicated to vetting applications submitted to its Android store. Google said it removes apps that violate its policies, but largely relies on users to alert it to bad software. "We check reactively," said a Google spokesman. "There is no manual bottleneck."

As more companies, governments and consumers use wireless gadgets to conduct commerce and share private information, computer bad guys are beginning to target them, according to government officials and security researchers.

"Mobile phones are a huge source of vulnerability," said Gordon Snow, Assistant Director of the Federal Bureau of Investigation's Cyber Division. "We are definitely seeing an increase in criminal activity."

The FBI's Cyber Division recently began working on a number of cases based on tips about malicious programs in app stores, Mr. Snow said. The cases involve apps designed to compromise banking on cell phones, as well as mobile "malware" used for espionage by foreign nations, said a person familiar with the matter. To protect its own operations, the FBI bars its employees from downloading apps on FBI-issued smartphones.

The vulnerability of mobile computing is also a concern for the U.S. Air Force, which worries about theft of military information or the use of personal details to scam or extort airmen and women. In March, the U.S. Air Force barred users of all service-issued BlackBerrys from downloading apps. Research In Motion said its technology allows customers to enforce such group-wide security measures.

The move followed a sharp rise in questionable activity aimed at Air Force smartphones, including attacks that tried to exploit mobile Web browsers, said a military official who helps oversee the defence of the Air Force's networks.

About a year ago, the Air Force saw fewer than a dozen attacks targeting its phones each month. In May, the Air Force saw more than 500, the official said, though none of the probes was successful.

"We all see this tipping point coming," said Peter Tippett, who oversees an investigative-response team that studies computer crime at Verizon Business, a unit of Verizon Communications that serves corporations. "There is a lot of activity to figure out how to make it less likely that a financial transaction would be exploited" on a mobile phone, he said.

The financial services industry says it is working with app-store operators to ensure mobile-banking apps are authentic. "Customers should be able to know who they are dealing with," said Leigh Williams, president of BITS, an arm of the Financial Services Roundtable, a banking industry advocacy group.

