Slashdot Mirror


App Store-Aided Mobile Attacks

Trailrunner7 sends along a ThreatPost.com piece that begins "The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years. ... But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for stealing data that rival anything seen on the desktop, experts say. This particular attack vector — introducing malicious or Trojaned applications into mobile app stores — has the potential to become a very serious problem, researchers say. Tyler Shields, a security researcher at Veracode who developed a proof-of-concept spyware application for the BlackBerry earlier this year, said that the way app stores are set up and their relative lack of safeguards makes them soft targets for attackers. ... 'There are extremely technical approaches like the OS attacks, but that stuff is much harder to do,' Shields said. 'From the attacker's standpoint, it's too much effort when you can just drop something into the app store. It comes down to effort versus reward. The spyware Trojan approach will be the future of crime. Why spend time popping boxes when you can get the users to own the boxes themselves? If you couple that with custom Trojans and the research I've done, it's super scary.'"

186 comments

  1. I like the yum "app store" by FranTaylor · · Score: 3, Interesting

    All the packages are signed and I can rebuild anything I want from scratch.

    Adobe uses it to update Flash and Reader on my systems, they don't need to support an update installer.

    I have no doubt that the same type of system can serve palmtop systems well.

    1. Re:I like the yum "app store" by mrsteveman1 · · Score: 3, Insightful

      They already sign the code, some of the app stores even require business documents before you're allowed to put anything up.

      Having source is a plus but this is commercial software we're talking about, you don't have the source for the 2 things you mentioned, Reader and Flash. Besides that, having the source isn't guaranteed to protect you, companies have been obfuscating the hell out of source code for a while now. All they really need to do is get users to install the binary first, and then it's a waiting game to see if anyone actually reads the source and finds the evil lines, if they ever do. By then, millions of users have installed the app or the updated app (the first version doesn't need to be malicious) and had their info stolen, etc.

    2. Re:I like the yum "app store" by FranTaylor · · Score: 1

      Well I wouldn't want to build Flash or Reader from scratch so what I said is true. Source is optional for yum but of course it can be required by the repository.

      The nice thing about yum is you use it to update the system packages, and third parties can use the same system to update their software. All they have to do is drop a file in /etc/yum.d and their "app store" is visible to all the package installation tools.

    3. Re:I like the yum "app store" by Anonymous Coward · · Score: 4, Funny

      companies have been obfuscating the hell out of source code for a while now

      I believe it's called outsourcing.

    4. Re:I like the yum "app store" by tsm_sf · · Score: 3, Funny

      Since Apple has an apparently arduous approval process for their app store, I'm assuming that they guarantee everything against this sort of foolishness. I didn't bother to read the 92 page EULA that went along with it, but they're an honorable company, right?

      --
      Literalism isn't a form of humor, it's you being irritating.

    5. Re:I like the yum "app store" by eggnoglatte · · Score: 4, Insightful

      Well, FWIW, it is kind of hard to do much damage if the app can't run in the background due to lack of multithreading.

      No, I don't have an iPhone, iPod, or iPad. I am just getting tired of the same old tirades from both sides.

    6. Re:I like the yum "app store" by Anonymous Coward · · Score: 0

      LOL! It's so true it hurts. Someone mod this guy up!

    7. Re:I like the yum "app store" by fredmosby · · Score: 1

      I think source code availability might actually make it easier for someone to write a trojan. Without it they would have to write a program from scratch that looks like a legitimate program. If they can get the source code all they have to do is make some small modifications, release it under a different name for free, and by the time people realize what's going on the damage is already done.

    8. Re:I like the yum "app store" by FictionPimp · · Score: 1

      Maybe your app could just assume everyone is jailbroken (everyone I know with an iPhone is jailbroken) and run a process in the background anyway.

    9. Re:I like the yum "app store" by Attila+Dimedici · · Score: 1

      More importantly, the "source code" they give you may or may not match the binary they give you.

      --
      The truth is that all men having power ought to be mistrusted. James Madison

    10. Re:I like the yum "app store" by oakgrove · · Score: 1

      How exactly would this stand up to the scrutiny of Debian or Red Hat or Canonical for any appreciable amount of time? Somebody has to actually hand maintain the packages in those repositories. Software doesn't just get willy-nilly thrown onto the servers.

      --
      The soylentnews experiment has been a dismal failure.

    11. Re:I like the yum "app store" by Caetel · · Score: 1

      It's not so much a lack of multithreading as Apple not publishing those APIs or approving applications which use them.

    12. Re:I like the yum "app store" by Anonymous Coward · · Score: 0

      The iGadgets support multithreading. What they don't support is having a user-level application run in the background while another runs in the foreground.

    13. Re:I like the yum "app store" by Belial6 · · Score: 1

      No, it's not hard to do. You just have to deliver a useful app with the Trojan. That way the code runs in the foreground. The hoops that Apple erects and the functionality that they lack in no way prevent malware on the iPhone. If users can install software, users can install software that does things they don't want. Yes, there are things that can help inform users of some of the risks, but the best we can hope for is that we are given the tools to easily check for obvious security holes, and that a system is in place to prevent other people's systems from causing problems to ours. I have no hope that both security and functionality will ever be achieved at the same time. They are mutually exclusive.

    14. Re:I like the yum "app store" by sl149q · · Score: 1

      iPhones do multi-threading. They also do multi-tasking. Tons of system stuff running in the background.

      The limitations are specifically that only one application can run in the foreground (i.e. using the screen) at a time.

      And that application (if it is not an Apple application) can only have a single process. Fork(2) / Exec(3) is not allowed. Pthreads(7) are.

      Applications are also normally running in a chroot'd environment.

    15. Re:I like the yum "app store" by Meski · · Score: 1

      And only geeks would know if the source was clean, and then there are compiler-based backdoors. (See the PDF "Reflections on Trusting Trust" by Ken Thompson.)

  2. I've always wondered by norpy · · Score: 2, Insightful

    I've always wondered why deliberate exploits hadn't been included in seemingly safe app store apps that allowed access to forbidden APIs and did naughty things; it always sorta amazed me.

    I guess I wasn't the only person who thought of that.

    1. Re:I've always wondered by s73v3r · · Score: 2, Interesting

      Maybe the screening process has been working?

    2. Re:I've always wondered by norpy · · Score: 2, Interesting

      The screening process is on the binary, it is very hard to detect some crappy code that is intended to cause a buffer overflow.

      That would still limit you to userland exploits, but it would definitely allow some malicious code to be injected through a server request that could access phonebook/etc and then send it back home all without the naughty code ever existing in the application that was submitted to Apple.
      This code would be all but invisible since the timebomb and malicious payload are controlled remotely.

      It would be nice for someone in the know to weigh in about Apple's code execution security for App Store apps.

    3. Re:I've always wondered by 99BottlesOfBeerInMyF · · Score: 1

      I've always wondered why deliberate exploits hadn't been included in seemingly safe app store apps that allowed access to forbidden APIs and did naughty things; it always sorta amazed me.

      Well, for the iPhone app store, where's your motivation? How do you profit from it? You have to come up with fake credentials while submitting the app, you have to be sneaky enough the screeners don't notice, your app has to bust out of a fairly tight sandbox, then it has to do something that benefits you more than the risk of getting caught and the effort of development, and you can't count on it persisting since as soon as anyone notices, Apple pulls it not only from the store but also pulls the keys so it won't run on iPhones anymore unless they're jailbroken.

      So the long and short of it is, it takes a crapload of work for less payoff than just writing a worm for Windows, or even a trojan for other mobile platforms.

  3. iPhone Banker Trojan? by Graff · · Score: 5, Informative

    From the article:

    Banker Trojans targeting platforms such as the iPhone

    [citation needed]

    I poked around the internets a bit and only found a mention or two for iPhone trojans. These trojans were ONLY on jailbroken iPhones, not un-jailbroken ones that are using the iPhone App Store. As far as I know there have never been any "banker" trojans in the iPhone App Store.

    This article seems to be riding the coattails of the iPhone's popularity by throwing it in the mix with other platforms that have had "banker" trojans. If they have evidence of an iPhone App Store trojan I'd love for them to directly mention it rather than being vague and doing a lot of hand-waving.

    1. Re:iPhone Banker Trojan? by s73v3r · · Score: 3, Informative

      There have been some for Android. At least 2, which posed as fake banking apps. They have been removed for a while now, however.

    2. Re:iPhone Banker Trojan? by R3d+M3rcury · · Score: 2, Interesting

      Well, this isn't quite as serious as Bank Trojans, but Storm8 is infamous for stealing phone numbers from their customers. And this is with the all-mighty App Store in place.

    3. Re:iPhone Banker Trojan? by MidnightBrewer · · Score: 3, Insightful

      Yeah, this entire story is kind of supporting Steve Jobs' obsessive control of the closed App Store. My iPhone has no viruses.

      It does have Plants vs. Zombies, though.

      --
      "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."

    4. Re:iPhone Banker Trojan? by _Sprocket_ · · Score: 1

      Actually, if you read through the linked article(s), you'd find out that it's two banks that put out alerts. Digging deeper, the developer put out around 50 apps that Google pulled when notified by one of the banks. What the apps actually did is in question. All the banks knew was that they didn't produce the apps that purportedly accessed their services. And that caused concern.

      So if they weren't malicious, why do them? From the article:

      "Lots could be going on here," he said. "09Droid may simply have been trying to cash in by offering apps that do nothing but provide a shortcut to the online bank's site, which the user could reach himself in the browser."

      Under that scenario, 09Droid was out for a quick buck -- literally -- by charging users 99 cents for applications that, while harmless, only added a shortcut icon to the phone's desktop.

    5. Re:iPhone Banker Trojan? by Graff · · Score: 2, Insightful

      Yeah, there has been some poaching of the bit of info that apps can tap into. I know Apple tightened up on that though and there's a lot less that an app can get at.

      There's no doubt that the App Store gatekeepers are a necessary evil. Hopefully they do just enough and not a bit more in keeping bad apps out and still allowing good apps in.

    6. Re:iPhone Banker Trojan? by nahdude812 · · Score: 2, Informative

      Android's Market tells you exactly what an app can and can't access before you install it. In order to access certain classes of API, the app has to include this access in its manifest file or the APIs aren't available. Examples include location (there are two tiers: rough network-based, and precise GPS-based), phone (again, two tiers: phone state [usually to do things like pause music when the phone rings], and the ability to place/receive calls), network access, storage (read or modify SD card contents), SMS, camera access, contact data, calendar, email, phone sleep functions, and so forth.

      Those access levels are detailed here:
      http://developer.android.com/reference/android/Manifest.permission.html

      Certain accesses are considered sensitive, and will be specifically brought to the user's attention before they install the app. Other controls (such as access to the phone's vibrate function) aren't, and although you can look to see if the app uses those functions, you're not bothered to verify that this is ok first.

      So if an app wanted to poach your phone number, etc. on Android, it would basically have to advertise to you that it's doing so or it wouldn't have that level of access.

      That said, I do wish there was a way to *block* those accesses.
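      The manifest-declared permission model described in this comment is easy to check mechanically. Below is an added example (not code from the original thread, Android, or any project it mentions) that parses the `uses-permission` entries out of an AndroidManifest.xml, flags the ones the comment calls out as sensitive, and applies one simple defender's heuristic: an app that declares both a private-data permission and a channel off the device (network or SMS) deserves a closer look before installing. The sample manifest and the grouping of permissions into "sensitive" and "quiet" are this example's own constructions; the permission names are the real `android.permission.*` constants from the page linked above.

```python
import xml.etree.ElementTree as ET

# Android manifest attributes live in this XML namespace; ElementTree
# addresses them as "{namespace}attribute".
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Permissions the comment singles out as sensitive (real android.permission
# constants). The grouping and labels are this example's, not Android's own
# protection levels.
SENSITIVE = {
    "android.permission.ACCESS_COARSE_LOCATION": "location (rough, network-based)",
    "android.permission.ACCESS_FINE_LOCATION": "location (precise, GPS-based)",
    "android.permission.READ_PHONE_STATE": "phone state and identity",
    "android.permission.CALL_PHONE": "place phone calls",
    "android.permission.INTERNET": "network access",
    "android.permission.WRITE_EXTERNAL_STORAGE": "modify SD card contents",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.RECEIVE_SMS": "receive SMS",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_CONTACTS": "contact data",
    "android.permission.READ_CALENDAR": "calendar",
}

# Permissions that expose private data, and permissions that give a path off
# the device. Declaring one from each set is the combination worth reviewing.
PRIVATE_DATA = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.READ_CALENDAR",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}
EGRESS = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

# Constructed sample: a "voice dialer" that asks for contacts, calling and
# the network, plus the quiet vibrate permission.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.voicedialer">
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.CALL_PHONE" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.VIBRATE" />
    <application android:label="Voice Dialer" />
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the permission names declared as direct <uses-permission> children."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.findall("uses-permission") if el.get(NAME_ATTR)]


def audit(manifest_xml):
    """Split declared permissions into sensitive (with a label) and quiet ones."""
    perms = declared_permissions(manifest_xml)
    flagged = {p: SENSITIVE[p] for p in perms if p in SENSITIVE}
    quiet = [p for p in perms if p not in SENSITIVE]
    return {"flagged": flagged, "quiet": quiet}


def exfil_risk(manifest_xml):
    """True when the app can both read private data and send it off the device."""
    perms = set(declared_permissions(manifest_xml))
    return bool(perms & PRIVATE_DATA) and bool(perms & EGRESS)


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    for perm, label in report["flagged"].items():
        print("SENSITIVE  %-45s %s" % (perm, label))
    for perm in report["quiet"]:
        print("quiet      %s" % perm)
    print("data + egress combination:", exfil_risk(SAMPLE_MANIFEST))
```

      The check only reflects what the app declares; as the comment notes, a declared permission tells you the app *can* reach the data, not what it does with it once it has it. Permissions the store does not prompt for (vibrate, here) are still listed so they can be eyeballed.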

    7. Re:iPhone Banker Trojan? by nahdude812 · · Score: 1

      I don't agree. Sure, it's acceptable to have a walled garden, and to even make it the case that by default you can only wander the carefully groomed paths in that space. But if you want to peek over the wall, or even exit the garden, you should be permitted to. Sure, raise a few warning "Oh no's, nobody can tell you whether these apps out there have thorns or not," screens. But don't prevent me from leaving or else what you have is actually a carefully tended prison (it's even called jailbreaking when you exit the approved area).

      For especially sensitive apps (eg, banking), most people will generally understand that you should stick to the official app store. But thinking that any entity is immune to fraud being perpetrated against it is naive. We see big corporations like Verisign - whose whole job is to verify identity before issuing a certificate - issuing certificates for people who don't have the proper credentials.

      Certainly we have not seen Apple exercising consistency in what it approves and rejects for the app store, so it doesn't seem like they're really looking all that closely anyway.

      We've solved issues related to trust a long time ago for SSL (at least as strongly as the walled garden app store solves it); there's no reason to reinvent the wheel here in a way that locks down consumer property against their will.

    8. Re:iPhone Banker Trojan? by netsavior · · Score: 2, Interesting

      Yeah, something combining Android's manifest and BlackBerry's application permissions screen would be really nice... They each have half of the puzzle. BB lets you block permissions by application to certain functions (like GPS, phone, etc) but it is not smart enough to know which of those things the app might try to do.

    9. Re:iPhone Banker Trojan? by Bakkster · · Score: 1

      I don't agree. Sure, it's acceptable to have a walled garden, and to even make it the case that by default you can only wander the carefully groomed paths in that space. But if you want to peek over the wall, or even exit the garden, you should be permitted to. Sure, raise a few warning "Oh no's, nobody can tell you whether these apps out there have thorns or not," screens. But don't prevent me from leaving or else what you have is actually a carefully tended prison (it's even called jailbreaking when you exit the approved area).

      Why enter the walled garden and complain that you can't peek over the hedge, when you have an alternative right next door (Android) that you didn't choose?

      Apple is free to do whatever they want with their walled garden, and you are free to go elsewhere. So, why not just encourage people to go to the solution which isn't a walled garden, rather than trying to break down the walls you know aren't coming down?

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!

    10. Re:iPhone Banker Trojan? by jeff4747 · · Score: 1

      For especially sensitive apps (eg, banking), knowledgeable people will generally understand that you should stick to the official app store.

      Fixed

      In all seriousness, there are some classes of users that are better served by walled gardens. I know several iPhone users who would download 'cute' apps that are actually malware. They should stay in the garden for their own protection.

      Then there's another class of users. I know enough to avoid downloading malware, but I don't want to take the time to review every app in enough detail to prove it's safe. Is that voice dialer app stealing contacts? They need that level of access for the app to work at all, but there's no guarantee that they aren't doing "bad things" with their access. I would rather use my free time for purposes other than researching apps for my phone.

      And finally there's the class of users who want a free app store, won't download the latest lolcat screensaver malware, and have the time to research what they download. Yes, these people should have an app store that serves their needs. So if you fall into this last group, just get an Android instead of an iPhone.

    11. Re:iPhone Banker Trojan? by nahdude812 · · Score: 1

      when you have an alternative right next door (Android) that you didn't choose?

      Actually I did choose it. I had an iPhone, and once Android became competitive (version 2.1), I bought a Nexus One.

      The problem is that just because I make an informed choice doesn't mean the average consumer is going to. Software freedom (including and especially freedom of choice) is good for the industry at large because it fosters competition. Apple is currently betting that it has enough market share to remove software freedom, and even to dictate what technology is used by the industry at large (they assume they're big enough that they can get people to abandon Flash, and whether or not you like Flash, it's still very bad to have one company tell the entire industry what they can't do).

      Even though I've already abandoned Apple, it's their belief that enough people won't do this that they can retain their clout. The industry as a whole is damaged as a result. Further it sets the precedent that a software company can dictate what other software you run on the same device for business reasons rather than for technical ones (i.e. we're not talking software incompatibility, we're talking rejection because they say so). Apple is the first, if they succeed, you can guarantee that other companies will be looking to shut out their competition simply by refusing to let you run the competition's software. The entire thing is creating an atmosphere of anti-competitiveness.

    12. Re:iPhone Banker Trojan? by Anonymous Coward · · Score: 0

      My Windows phone doesn't have any viruses either. It's got an NES emulator with every NES US rom available. Suck it.

    13. Re:iPhone Banker Trojan? by mlts · · Score: 1

      One app I use to mitigate this is Droidwall. It is an app for rooted phones which uses ipchains to allow or deny apps access to the network. Even if an app demands Internet access, it won't be able to send packets in or out unless Droidwall is configured to allow it.

      Of course, if an app is installed and nobody checks permissions, it can send/receive using SMS or MMS, but that is a different story altogether.

    14. Re:iPhone Banker Trojan? by Altus · · Score: 1

      If a consumer is not capable of making an informed choice between the iPhone and Android then let's hope they choose the iPhone because they won't be capable of making informed decisions about what apps to install.

      --

      "In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson

    15. Re:iPhone Banker Trojan? by Anonymous Coward · · Score: 0

      Android has secure storage space for apps built in to the device, but it is very limited (256-512MB). Lots of apps use /sdcard for storage which is an insecure area with r/w access for all apps. Any app can infect an exe in /sdcard that you might transfer to a computer later, or tamper with any other file there, or send any documents stored there (like anything written in a notepad app) off to a server anywhere on the internet.

      Also all apps need "read phone state and identity" permission so they won't crash when someone calls you (phone state). Phone identity is bundled with that which includes your phone number, the phone number of the person calling you, your IMEI. All apps can read that information. I love android but find these two things disgusting.

    16. Re:iPhone Banker Trojan? by Anonymous Coward · · Score: 0

      Wrong. All Android apps have permission to "phone state and identity" along with access to the sdcard (ever notice file manager apps that can read and delete files on /sdcard, but don't ask for ANY permissions?).

      "Phone state and identity" gives up your phone number, and a lot more. All apps can access it. Good job google!

    17. Re:iPhone Banker Trojan? by tlhIngan · · Score: 1

      Well, this isn't quite as serious as Bank Trojans, but Storm8 is infamous for stealing phone numbers from their customers. And this is with the all-mighty App Store in place.

      Which any app on any other platform, save Android, can do. In fact, Apple has a right to pull phone number stealing apps off the market for using "private APIs" because there is (or was) no API to get the phone number.

      But if you have a BlackBerry, Windows Mobile or Symbian phone, the phone number's an API call away. The "except Android" is because it requires permission when you install it, which is a good and bad thing - good in that it asks, bad in that most users just click OK without reading the list (just like how they don't read dialogs already).

      http://yro.slashdot.org/comments.pl?sid=1386337&cid=29585841

      In fact, the odd part of this thing is why is the iPhone unique in starting this? After all, these APIs have been around for years, yet only the iPhone has started the whole steal-private-data thing that every other phone could've done for a long time now.

      Ironically, the best protection is a jailbroken app called Firewall IP that lets you selectively control how apps connect and phone home. Oddly, some of the biggest names (Fox Network, for example) have the most egregious uploading of personal information.

      http://i-phone-home.blogspot.com/2009/10/top-gun-top25-paid-app.html

      Here's a neat blog that's on hiatus at the moment, but details apps on the Top 25 app list and if they phone home or not.

      http://i-phone-home.blogspot.com/

      I guess it's Apple's fault for making unlimited data connections standard and devs can now assume that a phone has a constant internet connection...

    18. Re:iPhone Banker Trojan? by 0xdeadbeef · · Score: 1

      After all, these APIs have been around for years, yet only the iPhone has started the whole steal-private-data thing that every other phone could've done for a long time now.

      For the same reason PCs get all the viruses: they have the most naive and least technically sophisticated customer base. Apple knew the iPhone would be a juicy target for malware, far more so than previous smartphones. Application signing and remote revocation is the one thing they did right, which is why Android Market does the same and all the new application stores are following through. (Of course, Symbian actually did this first.)

    19. Re:iPhone Banker Trojan? by Bakkster · · Score: 2, Informative

      Even though I've already abandoned Apple, it's their belief that enough people won't do this that they can retain their clout. The industry as a whole is damaged as a result. Further it sets the precedent that a software company can dictate what other software you run on the same device for business reasons rather than for technical ones (i.e. we're not talking software incompatibility, we're talking rejection because they say so). Apple is the first, if they succeed, you can guarantee that other companies will be looking to shut out their competition simply by refusing to let you run the competition's software. The entire thing is creating an atmosphere of anti-competitiveness.

      You're actually 2 decades late. Nintendo did this on the NES back in the '80s, with a lock-out chip. Only Nintendo approved (and licensed) software could be loaded and run, at least without 'jailbreaking' the cartridge to circumvent this. Note: the world of open environments has not collapsed yet.

      That said, we're talking about a cell phone, which never had the ability to run user software before anyway. If they want to do the same thing on a PC, then I would begin to worry.

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!

    20. Re:iPhone Banker Trojan? by 99BottlesOfBeerInMyF · · Score: 1

      I don't agree. Sure, it's acceptable to have a walled garden, and to even make it the case that by default you can only wander the carefully groomed paths in that space. But if you want to peek over the wall, or even exit the garden, you should be permitted to.

      Okay, take that argument and apply it to any other store, like Gamestop. Sure it's acceptable that Gamestop only carries certain products, but you should be able to break out of that walled garden. What does that mean? That Gamestop and Apple should be forced to carry other products in their stores? That OS developers like Sony, Nintendo, and Apple should be forced to modify their OS's to support other ways to install and run software?

      If you don't want to be locked into Apple approved apps, don't buy an iPhone. Or do buy an iPhone but install a more open OS on it. Or buy an iPhone and leave the OS and jailbreak it. I don't see what people are complaining about here. People have choices.

      For especially sensitive apps (eg, banking), most people will generally understand that you should stick to the official app store.

      But will they know the app they're downloading thinking it was a game jailbroke their phone and is now uploading their banking info somewhere?

      ...in a way that locks down consumer property against their will.

      I agree trust and software installations can be done much better than the iPhone app store, but I don't see any company that has done it. That people choosing the iPhone are being forced to do something against their will is your assumption.

    21. Re:iPhone Banker Trojan? by intheshelter · · Score: 1

      Aren't you being a bit hypocritical in your post? "freedom of choice" only means freedom to choose the way YOU think they should build their OS/phone/App Store. Is there any room in your world of "freedom" for people who want a consistent, predictable, non-technical, safe consumer phone experience with no hacker-fest options built in? It never ceases to amaze me that the people who espouse freedom in this Apple/iPhone argument don't really believe in freedom at all, only the type of freedom they want you to have.

      Real freedom is the way it is now. You are free to choose the iPhone and its business model, or you can choose something else. Quit trying to shove your freedom down everyone else's throat.

    22. Re:iPhone Banker Trojan? by nahdude812 · · Score: 1

      I do think it's the right of the consumer to use a device they purchased in whatever way they want. I think it's the right of the consumer to not be subject to intentional crippling of their hardware on the part of the manufacturer.

      I do not think it's the right of the manufacturer to intentionally limit their product in a way meant to prevent the consumer from being able to experience the full range of possibilities in that device unless they have paid the manufacturer for the privilege of doing so.

      This isn't hypocritical and is internally consistent. Of course the usual caveats apply: I don't have a problem with a manufacturer blocking illegal uses of a device (so long as they do not block legal uses in the process), and I understand that it's legal for a manufacturer to act in the ways I have proscribed above, but still don't think they have a right to it.

    23. Re:iPhone Banker Trojan? by nahdude812 · · Score: 1

      I believe you're purposely misinterpreting my sentiments. The Gamestop analogy would only be true if Gamestop sold you a game console which can only play games sold by Gamestop, and also they refuse to sell any game which is available for multiple platforms.

      I agree trust and software installations can be done much better than the iPhone app store, but I don't see any company that has done it.

      The question is one of chain of trust. The proposal on the table is that the App Store has the advantage of providing this chain of trust by its nature, and that it's unusually well suited for this. My contention is that software trust has already been solved in a manner which doesn't require tying a consumer's hands, and that the App Store doesn't offer any advantage over existing models, and has a number of disadvantages unique to itself.

    24. Re:iPhone Banker Trojan? by dannys42 · · Score: 1

      Say what you (not you specifically, that's a general "you") want about Apple's certification process. But what they do for containing apps and controlling distribution does deal with this type of problem fairly effectively.

      And if you have a problem on a jailbroken iPhone... well, that was the risk you accepted to do that.

    25. Re:iPhone Banker Trojan? by spearway · · Score: 1

      Actually the chain of trust is the issue, there is no way to ensure that chain if you let the user install any software on the unit. Just talk to all those people trying to enforce DRM... If you jailbreak a unit then there is no way you can guarantee the chain of trust, or at least it becomes so murky that for all non security experts it becomes very difficult to judge what is the valid chain of trust and what is the compromised one.

      There is a value in a well trusted device.

    26. Re:iPhone Banker Trojan? by 99BottlesOfBeerInMyF · · Score: 1

      I believe you're purposely misinterpreting my sentiments. The Gamestop analogy would only be true if Gamestop sold you a game console which can only play games sold by Gamestop, and also they refuse to sell any game which is available for multiple platforms.

      So if you're buying from the Sony, MS, or Nintendo Web site directly, that's exactly the case.

      My contention is that software trust has already been solved in a manner which doesn't require tying a consumer's hand

      Except you haven't cited an example that offers commercial software, for sale, in such a manner.

      App Store doesn't offer any advantage over existing models, and has a number of disadvantages unique to itself.

      Actually it does, which is why the Google app marketplace has distributed malware, but the Apple store does not seem to have as yet. The Apple App store does have an advantage, not one that can't be recreated without the lock-in but one no one has recreated yet without that lock-in.

    27. Re:iPhone Banker Trojan? by Bakkster · · Score: 1

      I do think it's the right of the consumer to use a device they purchased in whatever way they want. I think it's the right of the consumer to not be subject to intentional crippling of their hardware on the part of the manufacturer.

      Who gets to decide what is 'crippling'? A proper OS should limit the functions available to users and user programs. For example, blocking user access to the boot table to prevent exploits or inadvertent damage. Should the manufacturer be required to honor your warranty if you circumvent protections and damage the system?

      Can you find a definition that would catch all the 'disguised' artificial limits, without false positives for legitimate limitations?

      This isn't hypocritical and is internally consistent. Of course the usual caveats apply: I don't have a problem with a manufacturer blocking illegal uses of a device (so long as they do not block legal uses in the process), and I understand that it's legal for a manufacturer to act in the ways I have proscribed above, but still don't think they have a right to it.

      So do you think it should be illegal, or do you just disagree with it and want to raise awareness? And again, who gets to decide the difference between legitimate limitations (for safety, reliability, ease of use, fitness for a particular task) and these 'illegitimate' restrictions?

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!
    28. Re:iPhone Banker Trojan? by Anonymous Coward · · Score: 0

      I've been running applications on my 5-year-old videocall-capable 3G phone (SE Z800i), and before that a V600 (released 2003)? The Z800 was under 400 (taxes included) off contract, unlocked when I bought it, so it's not exactly a high-end phone.

      What phones were you using that didn't allow J2ME?

  4. Open Store, Open Door... by LostCluster · · Score: 4, Insightful

    As much as we hate Apple's walled-garden approach to an app store, having a central authority with a kill switch for any app, plus limited multitasking ability, plus developers tied to using the app store's preferred programming language and tools are all things that stand in the way of a would-be trojan spyware author. As Apple claims, jailbreaking your iPhone could allow "the enemy" to do what they want with it, and that could crush poor little American Telegraph and Telephone Co.'s network.

    Google touts openness, and Microsoft touts the power of a free-market of commercial software, both of which provide nice benefits to the consumer, but also to the hacker who wants to compromise user privacy. Has anybody looked into the Facebook apps on these platforms?

    1. Re:Open Store, Open Door... by grcumb · · Score: 3, Interesting

      As much as we hate Apple's walled-garden approach to an app store, having a central authority with a kill switch for any app, [etc....] are all things that stand in the way of a would-be trojan spyware author.

      Perhaps, but if you cast your net a little wider, you'll realise that the main thing required is a viable process. Autocratic centralised control is just one of a number of different and equally effective means of managing security for end users. Debian, Ubuntu, Fedora and countless other community-maintained repositories have historically sustained a commendable level of security in their vast software collections. They've built up so much trust, in fact, that the trust itself has become a peculiar kind of strength.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    2. Re:Open Store, Open Door... by Anonymous Coward · · Score: 3, Insightful

      The only way the three systems you mentioned would detect a rogue package update, would be from open-source coders reviewing the original codebase. Maintainers don't often examine code -- often, they are even incapable of it.

      So what do you get when that update comes from (A) a closed-source application, or (B) a solo-programmed OSS project? You get hell, that's what you get.

      Also, a bit of perspective. The last I heard (years ago), Debian had 17,000 packages. How many do you think the iPhone has?

      On the App Store, Wikipedia says: As of April 8, 2010, there are at least 185,000 third-party applications officially available on the App Store, with over 4 billion total downloads.

      It's not nearly as simple a situation as you make it to be.

    3. Re:Open Store, Open Door... by QuantumG · · Score: 1

      There's a web of trust backed up with digital signatures. So if someone finds a trojan in some code in the repository they can track back where it came from. It's actually happened once or twice and the response was incredible.

      --
      How we know is more important than what we know.
    4. Re:Open Store, Open Door... by Anonymous Coward · · Score: 0

      I don't understand what your point was meant to be. Yes, if someone somehow detects an app doing undesirable things -- infeasible in itself, due to the closed nature of the iPhone, and 'spinoff' processes/files -- then Apple can pull that app. But by then, it's too late! The damage has been done.

      What do you do when Update 73 installs a waiting backdoor that activates on Dec 1st, and Update 74 removes the code that installed it on Nov 30th? Only solution is filesystem tracking. Does the iPhone do that? Does Linux? (OK, Linux can log it, maybe, but the iPhone can't.)

    5. Re:Open Store, Open Door... by the_womble · · Score: 0, Offtopic

      There are at least 185,000 third-party applications officially available on the App Store

      I wonder how many there are if you exclude things that should not need an app - e.g. newspaper apps that provide the same content you can see on the website.

    6. Re:Open Store, Open Door... by QuantumG · · Score: 0, Troll

      I was talking about linux distro repositories. I expect Apple can't do anything (right).

      --
      How we know is more important than what we know.
    7. Re:Open Store, Open Door... by Anonymous Coward · · Score: 0, Troll

      There is no difference between jailbreaking and placing a world writable anonymous FTP directory on a machine with a root account with no password onto the Internet. Both just attract blackhats, and allow them to use the item as a staging point for attacks. For good measure, perhaps a bash shell hanging off the telnet port.

      Jailbreaking is something that should bring criminal charges. It puts vital communication systems in jeopardy, allows malware authors easy access, and violates IP laws.

    8. Re:Open Store, Open Door... by DrugCheese · · Score: 1

      As much as we hate Apple's walled-garden approach to an app store, having a central authority with a kill switch for any app, plus limited multitasking ability, plus developers tied to using the app store's preferred programming language and tools are all things that stand in the way of a would be trojan spyware author.

      Know what would really stand in their way? Not having mobile devices. Then they'd have a hard time doing anything malicious with it since we wouldn't even own them. Oh wait, yeah, we wouldn't own them.

      --
      *DrugCheese rants*
    9. Re:Open Store, Open Door... by Anonymous Coward · · Score: 0

      Upon reflection, I think my confusion can be blamed upon myself. When I said, "the only way to detect a rogue update ... is from reviewing code," what I actually meant was reviewing code before the update goes live. I don't really take chances with compromised systems, even after isolation and fixes. Nuke it from orbit, I say.

    10. Re:Open Store, Open Door... by mirix · · Score: 1

      You forgot to exclude the 100,000 fart apps too.

      --
      Sent from my PDP-11
    11. Re:Open Store, Open Door... by Anonymous Coward · · Score: 0

      And how many of those 17,000 Debian packages are just libraries, or similar 1K LoC programs like you mention, or font or other asset providers?

      I know many of those iPhone apps are probably bogus (my estimation: 10,000-15,000 legitimate) but I still believe it to amount to much more than that of Linux distros.

      Plus, short of Apple abandoning all its older applications and issuing new "application qualification" standards, it has to live with reality: that 1 out of 185,000 of these hello-world-in-complexity apps can own the phone.

    12. Re:Open Store, Open Door... by mjwx · · Score: 4, Interesting

      Google touts openness,

      Android has on-device security which lets the user know, in simple English, what the application will do ("can access your contacts", "uses services that cost you money (SMS, makes phone calls)", "will access the internet"), so when you download a fart application that wants access to your contacts and to the internet you have to figure out something isn't right.

      As much as we hate Apple's walled-garden approach to an app store, having a central authority with a kill switch for any app,

      But that isn't so useful, as Apple's walled garden approach has forgone local security in favour of gateway-only security; once you've gotten past the censors you have free rein. Enterprises have known for some time that gateway-only security is a complete and utter failure. You need both gateway and local security, which Android provides, although the gateway security is entirely voluntary (but enabled by default).

      There have already been data miners for the iPhone that have gotten past Apple's ever watchful censors, including at least one fake banking application (BOA, IIRC). This isn't including data miners like Arsebook.

      Ultimately gateway and local security is preferred for end users, one should have a choice whether to use the gateway or not but local security is an absolute must, especially on a mobile device. Despite how good you think your gateway is it is fundamentally flawed.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
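      The permission-mismatch heuristic this comment describes (a novelty app asking for contacts plus network access), together with its blind spot raised elsewhere in the thread (a voice dialer has a legitimate reason to read contacts), as an added example that is not from the original thread. The app names, the per-category permission baseline and the sample permission sets are constructed assumptions; only the permission identifiers are real Android manifest names.

```python
from dataclasses import dataclass

# Real Android manifest permission identifiers.
READ_CONTACTS = "android.permission.READ_CONTACTS"
READ_SMS = "android.permission.READ_SMS"
SEND_SMS = "android.permission.SEND_SMS"
CALL_PHONE = "android.permission.CALL_PHONE"
RECORD_AUDIO = "android.permission.RECORD_AUDIO"
INTERNET = "android.permission.INTERNET"

# Permissions that read private data or cost money; the install prompt the
# thread describes groups these into plain-English warnings.
SENSITIVE = {READ_CONTACTS, READ_SMS, SEND_SMS, CALL_PHONE, RECORD_AUDIO}

# Hypothetical baseline (an assumption of this example): the permissions each
# stated app purpose has a legitimate reason to request.
EXPECTED = {
    "novelty": set(),                                    # fart/soundboard apps
    "contact_backup": {READ_CONTACTS, INTERNET},
    "sms_backup": {READ_SMS, INTERNET},
    "voice_dialer": {READ_CONTACTS, CALL_PHONE, RECORD_AUDIO},
}


@dataclass(frozen=True)
class App:
    name: str
    category: str            # purpose as stated in the store listing
    permissions: frozenset   # permissions declared in the manifest


@dataclass(frozen=True)
class Finding:
    app: str
    verdict: str             # "high", "review", "legit_exfil_path" or "clean"
    unexplained: frozenset   # permissions the stated purpose does not explain


def analyse(app: App) -> Finding:
    """Compare declared permissions against what the stated purpose needs."""
    expected = EXPECTED.get(app.category, set())
    unexplained = frozenset(app.permissions - expected)
    touches_data = bool(app.permissions & SENSITIVE)
    # An exit path for data: network access or outbound SMS.
    has_channel = INTERNET in app.permissions or SEND_SMS in app.permissions
    if unexplained and touches_data and has_channel:
        # Data access plus an exit path, and part of it is unexplained:
        # the fart-app-wants-your-contacts case from the thread.
        verdict = "high"
    elif unexplained:
        verdict = "review"
    elif touches_data and has_channel:
        # Every permission is justified by the stated purpose, yet the app
        # could still exfiltrate. Permission review alone cannot tell.
        verdict = "legit_exfil_path"
    else:
        verdict = "clean"
    return Finding(app.name, verdict, unexplained)


def triage(apps):
    """Return findings for all apps, most suspicious first."""
    order = {"high": 0, "review": 1, "legit_exfil_path": 2, "clean": 3}
    return sorted((analyse(a) for a in apps), key=lambda f: order[f.verdict])


# Constructed sample listings, not real store data.
SAMPLE_APPS = [
    App("Fart Lite", "novelty", frozenset()),
    App("Soundboard", "novelty", frozenset({INTERNET})),
    App("Fart Machine", "novelty", frozenset({READ_CONTACTS, INTERNET})),
    App("ContactSafe", "contact_backup", frozenset({READ_CONTACTS, INTERNET})),
    App("Dial-by-Voice", "voice_dialer",
        frozenset({READ_CONTACTS, CALL_PHONE, INTERNET})),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_APPS):
        extra = ", ".join(sorted(p.rsplit(".", 1)[-1] for p in f.unexplained))
        print(f"{f.verdict:16} {f.app:14} unexplained: {extra or '-'}")
```

      The "legit_exfil_path" verdict is the point jeff4747 makes below: an app whose permissions all match its stated purpose passes this check whether or not it also ships your contacts somewhere else.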
    13. Re:Open Store, Open Door... by mgblst · · Score: 1

      OK, so I don't hide my trojan in a fart app, I hide it in an app that backs up your contacts to the web, or another dialer.

    14. Re:Open Store, Open Door... by phillymjs · · Score: 1

      There have already been data miners for the iPhone that have gotten past Apple's ever watchful censors including at least one fake banking application (BOA, IIRC).

      Link, please. Because I remember hearing that fake banking apps were a problem on Android. I certainly never heard that one was out in the app store for the iPhone, and I think that would have been pretty big news.

    15. Re:Open Store, Open Door... by jedidiah · · Score: 1

      Except taking that quasi-mac and just dumping the Big Brother approach works equally well.

      All of the justifications for the fascist nonsense depend entirely on ignoring all of the well engineered alternatives to Windows and pretending like they either don't exist or don't have the same vulnerabilities.

      In order to elevate the new messiah, the cult needs to deny the old one.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    16. Re:Open Store, Open Door... by jedidiah · · Score: 1

      Steve? Is that you?

      BTW, the jailbreak doesn't "expose" anything. It's the sshd package that does that.

      Jailbreaking is more like enabling another 3rd party storefront that doesn't belong to Apple.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    17. Re:Open Store, Open Door... by technomom · · Score: 0
    18. Re:Open Store, Open Door... by Wovel · · Score: 3, Informative

      This link and this one

      Did you read the articles you linked? They clearly state the apps only targeted jailbroken iPhones. This means they were not distributed through the app store and are not in any way relevant.

    19. Re:Open Store, Open Door... by Wovel · · Score: 1

      ...I forgot to mention in my response below... the PC World article is discussing a Windows Trojan....

    20. Re:Open Store, Open Door... by jeff4747 · · Score: 1

      Android has on-device security which lets the user know, in simple English, what the application will do ("can access your contacts", "uses services that cost you money (SMS, makes phone calls)", "will access the internet"), so when you download a fart application that wants access to your contacts and to the internet you have to figure out something isn't right.

      Malware authors are nowhere near as stupid as you make them out to be.

      When a voice dialer app says it's going to read your contacts, you'd of course let it do so. It's one of the logical things for a voice dialer to access. And then it steals your contacts because it was actually a malicious app.

      There is no "local security" on an Android phone.

    21. Re:Open Store, Open Door... by Anonymous Coward · · Score: 0

      Does ALL of the software from Apple's App Store come with the source? Every piece of software I downloaded for my T-Mobile Wing, except Opera, is GPL'ed.

      I hate to say it, but Windows Mobile is the only game in town if you want even partial software freedom on your phone.

    22. Re:Open Store, Open Door... by 99BottlesOfBeerInMyF · · Score: 1

      Debian, Ubuntu, Fedora and countless other community-maintained repositories have historically sustained a commendable level of security in their vast software collections.

      Actually they've had numerous problems and failed to provide a viable option to extend that functionality to commercial software offerings. Canonical, in fact, is working on cloning the Apple store by adding a similar feature to the new Ubuntu package manager, due in the next release.

    23. Re:Open Store, Open Door... by 99BottlesOfBeerInMyF · · Score: 1

      But that isn't so useful, as Apple's walled garden approach has forgone local security in favour of gateway-only security; once you've gotten past the censors you have free rein.

      Don't you think it would be better to, you know, do any research on a topic before making such assertive and blatantly wrong statements? If anything, Apple's sandboxing is more restrictive than Google's.

      There have already been data miners for the iPhone that have gotten past Apple's ever watchful censors including at least one fake banking application (BOA, IIRC).

      Citation please. I've seen only trojans distributed to jailbroken iPhones, not through the store. Additionally, having a central store allows Apple the option of revoking the ability of such applications to function on all non-jailbroken iPhones everywhere.

    24. Re:Open Store, Open Door... by mythandros · · Score: 1

      I've never used Android but you seem to be telling me that it has opt-in gateway security and a local security model that's proven ineffectual to anyone unwilling to consider implications (re: Microsoft's UAC). For the average user, it sounds like Apple has the superior model.

    25. Re:Open Store, Open Door... by ckaminski · · Score: 1

      Ignoring any JVM based systems, such as Android or Blackberry?

      Just because it's Java doesn't make it "not open."

    26. Re:Open Store, Open Door... by Anonymous Coward · · Score: 0

      ...so when you download a fart application that wants access to your contacts and to the internet you have to figure out something isn't right.

      That might be asking a lot from someone downloading a fart app.

    27. Re:Open Store, Open Door... by Lars+T. · · Score: 1

      BTW, the jailbreak doesn't "expose" anything. It's the sshd package that does that.

      Keep telling yourself that long enough and it still won't become the truth.

      “If you care about security, don’t use a jailbroken iPhone,” said Charlie Miller at the SyScan security conference in Singapore.

      --
      Lars T.
      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    28. Re:Open Store, Open Door... by mjwx · · Score: 1

      I've never used Android but you seem to be telling me that it has opt-in gateway security and a local security model that's proven ineffectual to anyone unwilling to consider implications (re: Microsoft's UAC).

      Show me a security model that protects the user from themselves.

      Apple's is worse; it gives the user a false sense of security by approving applications that are harmful.

      I don't think you quite understand defence in depth and how having less local security and fewer users actively watching applications is not a good thing. Android's system at the moment relies on other users ratting out bad applications; whilst this is not 100% effective it's a lot better than giving a user a false sense of security. With Apple you have one set of eyes watching thousands of applications; with Android you have a thousand eyes watching thousands of applications.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    29. Re:Open Store, Open Door... by Sandbags · · Score: 1

      The iPhone OS also has significant local security. One app can simply not access the data or feed of another, period. Multitasking or not, unless there's a reason Apple determines your app should access shared APIs and content like your contact list, it is not permitted. An app can not see inside of a safari page, even if that page was opened BY that app.

      WTF can a virus actually DO on the iPhone if all it can get are your contacts and files in the shared directory (on an iPad)? There is a massive layer of onboard security, just not traditional antivirus. Access to things like location data, files, etc, must be user enabled. Any app that tries to bypass that won't pass the screening tests (anymore; they were not perfect initially, Apple did not from day 1 develop such tools, but they have now).

      --
      There is no contest in life for which the unprepared have the advantage.
    30. Re:Open Store, Open Door... by Sandbags · · Score: 1

      The worst thing an app on an iPhone can do is steal your contacts. On an iPad it MIGHT be able to access the shared folder system and access files, though the OS controls seem to be tight there. An app on the iPhone for instance can not access content inside of Safari, not even for pages that app launched itself. Each app is in a memory walled garden, and the OS has explicit control over that, and auto-kills apps that try to do otherwise. Apple's tools for testing an app are very advanced (now, they were not initially), and their detection methods are sound, not to mention the process involved in getting an account is extensive, and any hacker introducing such an app would be a VERY easy target for law enforcement, so it's a complex and risky business trying to post a malicious app, not to mention people are going to actually have to want to download it for it to be effective, and even if it CAN steal data, and call APIs to do so, making it pretty damned hard to write an app that should both have access to your contacts and a reason to have its own open Internet connections. Apple can also remotely disable any app ever released with the flip of a few bits.

      On Android, it's entirely possible for one app to sniff the data stream of another, steal your banking passwords, your facebook account, and more. With Apple, you have more than a simple eye watching apps, you have custom code inspecting deep inside of submitted apps, and a kill switch if for some reason they get through otherwise. The thousand eyes on Android only watch apps AFTER they're in circulation, which is too late, and those thousand eyes don't have tools. I'd rather be watched by 1 man with 20/20 vision than a thousand blind men.

      --
      There is no contest in life for which the unprepared have the advantage.
    31. Re:Open Store, Open Door... by Anonymous Coward · · Score: 0

      Uhm

      "developers tied to using the app store's preferred programming language and tools are all things that stand in the way of a would be trojan spyware author."

      Is a complete lie, by the way.

      Go look up Corona SDK and notice that this is illegal according to the developer EULA and should be outright banned -- but they still have apps up on the regular app store from what I understand. There could be plenty of non-Objective-C originated projects, and nobody would really notice unless they stamped it on the final product. There aren't any "ties" to anything.

  5. This study brought to you by the fine folks at... by Anonymous Coward · · Score: 0, Flamebait

    Apple, the company with an app-store you can trust.

    Trust US to provide you with a safe, secure environment for your mobile needs.

    We know best.

    Apple.

    =)

  6. That was a close call by Gadget_Guy · · Score: 4, Insightful

    Wow. I was going to download some apps from one of those app stores. I can't believe I nearly exposed my phone to something even more dangerous than anything on my PC. In future, I am going to just limit myself to downloading whacky screensavers for my Windows system, because that is totally unlike downloading an app for my phone.

    Seriously, I can't believe the gall of those attention-seeking media whores who call themselves security experts. Years after we have been able to download applications for phones, some nitwit finally realises that one of those apps could be harmful. All they have to do is blow the danger out of all proportion and wait for the stupid media to lap up the story.

    "But this time it is different - instead of downloading the app from a website, you get them from an app store!" Yeah, right.

    1. Re:That was a close call by Culture20 · · Score: 1, Insightful

      "But this time it is different - instead of downloading the app from a website, you get them from an app store!" Yeah, right.

      But it is different; because of perception. People think "Oh, the Apple App store; everything here has been thoroughly vetted by Apple and given the thumbs-up" when in reality, the vetting process is: "does it crash? does it look like it does what it says?" and maaaybe: "are there any obvious hooks into user data that the stated purpose of the App doesn't need?" Almost assuredly nothing that checks for obfuscated code,

    2. Re:That was a close call by Cryacin · · Score: 0, Troll

      You missed "will it displease the all knowing, all mighty overlord and ruler of the universe, Grand Poobah Steve Jobs."

      That one's important.

      --
      Science advances one funeral at a time- Max Planck
    3. Re:That was a close call by Anonymous Coward · · Score: 2, Insightful

      The real power behind the Apple vetting process has nothing to do with what Apple does, it's what Apple has: Your bank routing #, social, full name, address...and yes, they have all this of mine.

      So if a fly by night app store that lets anyone submit apps without any process and may not collect this information for all app submitters has an app with a virus - they remove it. Apple could quite possibly notify the authorities of your location.

      I'm not saying Apple vetting process is foolproof, or that this would stop all attacks, but by collecting this information you're a lot more likely to be able to hold people accountable for crap they do than otherwise.

      Just my $0.02.

    4. Re:That was a close call by Low+Ranked+Craig · · Score: 1

      As far as you know. Who knows what they might be looking for? http://reviews.cnet.com/8301-19512_7-10400276-233.html

      --
      I still cannot find the droids I am looking for...
    5. Re:That was a close call by Anonymous Coward · · Score: 0

      Don't tell me, in all seriousness, that you think Apple can reliably detect backdoor or virus activities in a pre-compiled, machine-code binary. If Apple discovered a way to do so, I will hail them as Programming Gods, and permanently switch away from my laptop, and to the iPhone.

    6. Re:That was a close call by Techman83 · · Score: 2, Funny

      "does it crash? does it look like it does what it says?"

      Guess that's why Flash is denied.

      --
      # cat /dev/mem | strings | grep -i cat
      Damn, my RAM is full of cats. MEOW!!
    7. Re:That was a close call by phantomfive · · Score: 2, Insightful

      I don't know if it's that bad. If Bank of America creates an App that lets me access their bank, I might use it (assuming I had an iPhone). I think it is reasonable to assume that Apple would not let anyone but Bank of America create the Bank of America app. If there is another app that asks for my bank account info, I'm going to be really suspicious. So there is some security built into the app store, even if they don't verify every line of code.

      --
      Qxe4
    8. Re:That was a close call by gig · · Score: 4, Insightful

      That is bullshit. They not only check for malware, they even check for privacy violations and use of unfinished APIs that may break in a future OS release. The whole app platform was designed for approvals.

      You can't say iPhone is doing it wrong because it's not open on one day and then say it's just as vulnerable to malware as Android the next. We know Apple is not as vulnerable because they have not had any malware through 2 years of a billion downloads and over 200,000 apps, while Android Market has served malware with significantly fewer apps and downloads. And most of Apple's users do not know WTF "malware" is, which is why they do it this way.

    9. Re:That was a close call by jrumney · · Score: 1

      You missed "does it use, or was it originally written to target, Flash?"

    10. Re:That was a close call by Black+Gold+Alchemist · · Score: 1

      Well, identity theft makes up the difference. And most people writing trojans probably have easy ways to get stolen IDs.

      --
      Responsibility is an addiction
      Virtue is a temptation
      Community is a cartel
    11. Re:That was a close call by Black+Gold+Alchemist · · Score: 1

      We know Apple is not as vulnerable because they have not had any malware through 2 years of a billion downloads and over 200,000 apps, while Android Market has served malware with significantly fewer apps and downloads.

      That we know of. Maybe an app has already swiped everyone's info secretly. We don't know.

      --
      Responsibility is an addiction
      Virtue is a temptation
      Community is a cartel
    12. Re:That was a close call by Anonymous Coward · · Score: 0

      Yeah, and that's a nice way to blow up the app count. Instead of one banking application that works with every bank, get one app for each bank under the sun. Oh, and the one app for all banks is called... web browser.

    13. Re:That was a close call by Anonymous Coward · · Score: 0

      That is bullshit. They not only check for malware, they even check for privacy violations and use of unfinished APIs that may break in a future OS release. The whole app platform was designed for approvals.

      It's not bullshit. How would Apple detect an app that computes the address of a hidden API function at runtime? Apple does this for author benefit, not any real security sense. Claiming they can detect malware in high accuracy is just so ignorant it hurts.

      We know Apple is not as vulnerable because they have not had any malware through 2 years of a billion downloads and over 200,000 apps, while Android Market has served malware with significantly fewer apps and downloads.

      This is wrong. There have been several data mining apps for the iPhone that I have heard of, and I know very little. Android was detected, because the platform offers native permission abilities, and it's inherently more open and with a userbase consisting of Slashdot (read: techy) types.

    14. Re:That was a close call by CoffeeDog · · Score: 1

      Easy, just hide the code that steals the user's information inside a giant fart button and it'll whisk through the approval process without anyone thinking twice about it.

    15. Re:That was a close call by Anonymous Coward · · Score: 0

      You can say it's vulnerable if there is evidence to support that claim, though.

      It is vulnerable. They can't check for a certain class of malware: apps that maliciously use public APIs.

      The reason is that they don't review source code. Their binary inspection tools and test processes are unlikely to detect every outcome of an application, especially since it's not hard to make an application simply not do anything malicious during the review process.

      Unless their procedures have been substantially tightened, things like this are possible.

      Can you support the assertion that they 'check for privacy violations'? How would they do that?

    16. Re:That was a close call by Timmmm · · Score: 1

      That is next to impossible. Consider an app that backs up your SMSs to gmail. There's one for android, I don't know if this is 'allowed' on the iPhone. Anyway, it has a perfectly legitimate reason to

      a) Access your SMSs, phone number etc.
      b) Access the internet.

      There's no way you or Apple can tell whether it will also send those messages to the hacker's own server unless you have the source code (and even then it would be prohibitively expensive for Apple to audit it). If you're thinking "but ... wireshark... " you're not being imaginative enough.

      Another example on android would be a keyboard replacement with ads in the settings menu. It has a legitimate reason to see everything you type, and contact the internet.

    17. Re:That was a close call by IamTheRealMike · · Score: 1

      They don't check for privacy violations, go read the iPhone Privacy white paper. There are about a million ways an iPhone app can violate your privacy without you (or apple) ever knowing about it.

    18. Re:That was a close call by Anonymous Coward · · Score: 1, Insightful

      FUD

    19. Re:That was a close call by Wovel · · Score: 1

      Sorry... I did not see anything in the article to suggest any danger from Apple's App Store...

    20. Re:That was a close call by Anonymous Coward · · Score: 0

      If iphones have been data mined in secret, considering the size of the install base, the usage of that info would have leaked out by now.

    21. Re:That was a close call by KahabutDieDrake · · Score: 1

      Are you seriously implying that someone writing malicious code for the App Store can't come up with even one fake identity good enough to fool Apple? Seriously? Because that's just wishful thinking at its finest.

      I don't have the slightest idea how Apple vets that information, or if they even do. What I do know is that for $25 on any number of websites, I can buy a full identity, including all the above info and a lot more.

    22. Re:That was a close call by Anonymous Coward · · Score: 1, Informative

      There was an app for the iPhone that billed itself as a contact backup application. The company took that information and used it to spam the contacts of anybody that had used the application. They may not have lied about the information the app was accessing, but they were unscrupulous with what they did with it. I'd call that malware.

      Citation provided.

    23. Re:That was a close call by Anonymous Coward · · Score: 0

      Think the fact that "most of Apple's users do not know WTF "malware" is" might have something to do with why we don't hear many complaints?

      How bout this: do you think Apple accepts liability? If the approval process is as rigorous as it is annoying, and if the purpose is to ensure a strict standard of quality (no, really) and, more importantly, security, then when that security fails, Apple will be responsible, right? I mean when users complain about a bug in their fart app, it's Apple's fault for letting it through, right?

    24. Re:That was a close call by Anonymous Coward · · Score: 0

      That we know of. Maybe an app has already swiped everyone's info secretly. We don't know.

      Thanks for that insightful comment Glenn Beck.

    25. Re:That was a close call by Rand+Race · · Score: 1

      We know Apple is not as vulnerable because they have not had any malware through 2 years of a billion downloads and over 200,000 apps...

      OS X hasn't had any major malware in the wild for a decade now, yet a hefty percentage of the people you're preaching to have a near-religious belief in the imminence of such.

      --
      Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.

    26. Re:That was a close call by Culture20 · · Score: 1

      "But this time it is different - instead of downloading the app from a website, you get them from an app store!" Yeah, right.

      But it is different; because of perception. People think "Oh, the Apple App store; everything here has been thoroughly vetted by Apple and given the thumbs-up" when in reality, the vetting process is: "does it crash? does it look like it does what it says?" and maaaybe: "are there any obvious hooks into user data that the stated purpose of the App doesn't need?" Almost assuredly nothing that checks for obfuscated code,

      Wow, Apple zealots really didn't like that post. Up to 5, then down to 0. Steve Jobs will be proud of your moderations. You might get a VIP ticket to the next Macworld expo.

  7. Starting at $59.99 by Anonymous Coward · · Score: 2, Insightful

    Norton AntiVirus: iPhone edition.

    1. Re:Starting at $59.99 by Culture20 · · Score: 2, Interesting

      Norton AntiVirus: iPhone edition.

      Symantec Endpoint Protection, iPhone Edition has scanned its own jail space and found no viruses. Would you like to enable real-time protection (until you close the SEP iPhone Edition App)?

  8. there's only one way (and it's imperfect) by Anonymous Coward · · Score: 1, Interesting

    Do not run software for which a sufficient number of trusted parties cannot examine its source.

    Yes maybe most people haven't the know how to examine it. But that doesn't matter - what matters is simply that enough people *do* who have no vested interest in jacking your machine. With enough eyes, malicious code will often be spotted.

    I say often because even that isn't foolproof, it's just better than the alternative of "blind trust in the app developer".

    Maintaining control of your own machine using a network of human trust is the only way, short of writing your OS yourself. And surely giving control of your machine to unknown parties without such trust is a bad idea.

    Oh, and diversity of ecosystems helps as well. Monocultures are inherently dangerous.

  9. A problem, but not really new by SnowZero · · Score: 1

    This is not really any different from the thousands of "kitten screensavers" and other "utility" programs you could download off the internet for windows desktops.

  10. On blackberry? Not so much by Jeffrey+Baker · · Score: 4, Informative

    Any app on the blackberry requires user intervention before it's allowed to fetch URLs, open raw sockets, read email, dial the phone, get your location, manipulate the address book, or do any other damned thing. And 90% of the APIs require the developer to be vetted through the app signing process. It actually seems much less vulnerable to trojans and spyware than a PC.

  11. This is why Android could take over the market. by Old+Flatulent+1 · · Score: 1

    It comes down to if you cannot see the source don't trust it. As long as blackhat crooks are out there making closed binaries there will be problems with trojans. If Google is smart they will insist that all code must be visible to operate on the Android OS. Perhaps Rim will follow suit and make sure that all third party binaries are clean. I know this really irks some developers but if your code is clean, unique and has a copyright why are you afraid that others will see it?

    1. Re:This is why Android could take over the market. by Jeremi · · Score: 3, Insightful

      It comes down to if you cannot see the source don't trust it.

      ... and even if you can see the source, you still can't trust it. Unless you are an expert in the source's programming language, AND you are willing to spend several dozen hours doing a line-by-line review of all of the source code, most exploits are still going to walk right by you. A "mistake" that opens up a security hole can be very subtle; indeed that's why so many honest developers end up releasing security holes by mistake.

      And that's not even counting the second issue: how do you verify that the source code you are reading actually corresponds with the executable your computer is going to run? If you download both source and executable, it could be that the source is clean, but the executable contains a back door. Even if you compile the source code yourself, it could be that the code exploits a bug (or backdoor) in your compiler to implement behavior different from what the source code indicates.

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.

    2. Re:This is why Android could take over the market. by Culture20 · · Score: 2, Funny

      Sounds like what you want is Gentoo: phone edition. Plug in your phone, type emerge --sync && emerge phone-image on the PC, wait overnight while the image compiles, then dd onto /dev/phone. If it crashes, do another emerge --sync and see if emerge phone-image compiles something new, then dd that. Call^W Email work and tell them you'll be late because you're compiling your phone OS again. They'll understand.

    3. Re:This is why Android could take over the market. by Anonymous Coward · · Score: 0

      It comes down to if you cannot see the source don't trust it.

      And one can point to numerous examples that show the fallacy of this thinking. The Debian openssl fiasco is a prime example.

      I know this really irks some developers but if your code is clean, unique and has a copyright why are you afraid that others will see it?

      Who says they are afraid?

    4. Re:This is why Android could take over the market. by mjwx · · Score: 1

      It comes down to if you cannot see the source don't trust it. As long as blackhat crooks are out there making closed binaries there will be problems with trojans. If Google is smart they will insist that all code must be visible to operate on the Android OS. Perhaps Rim will follow suit and make sure that all third party binaries are clean. I know this really irks some developers but if your code is clean, unique and has a copyright why are you afraid that others will see it?

      RIM can't follow suit because their OS is based on WinCE. Fundamentally incompatible with open licenses. Plus RIM make money off selling hardware and services that rely on their products having no viable third party server software, fundamentally incompatible with the ideas of an open codebase.

      Android has always won in the security stakes because Android has on-device security. Android checks what APIs the program accesses; if it asks for access to your contacts, to the internet or to services that will cost you money (phone calls, SMSes) then you know at installation time. This system is not infallible, nothing is, but it is a hell of a lot better than the gateway-only model Apple uses.

      Apple User 1: This food looks poisoned and smells of death.
      Apple User 2: The gatekeeper said it's OK.
      Apple User 1: om nom nom nom nom, URK...

      Apple's model of no local security is wrong. Any networked operating system should be built with security from the ground up. I fear with enough users, the iPhone OS may become as insecure as Windows, not because it sacrifices a good security model for user friendliness wherever possible but because it gives its users a false sense of security.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.

    5. Re:This is why Android could take over the market. by migla · · Score: 2, Interesting

      As was already mentioned, it's about having a security process. This can be implemented regardless of openness.

      If more open "stores", such as Android or Maemo/MeeGo or Debian or whatever don't yet have as rigorous a process as Apple, they should get busy of course.

      Regarding any discrepancy between source and binary, you should obviously just upload the source to the store and have the store build the binary.

      --
      Some of my favourite people are from the US; Vonnegut, Chomsky, Bill Hicks.

    6. Re:This is why Android could take over the market. by Graff · · Score: 2, Insightful

      It comes down to if you cannot see the source don't trust it.

      And when is the last time you looked at every single line of code for a major open-source application and made sure that it was totally and completely safe? Do you just use them, assuming that someone else did it for you?

      The fact is that we all trust the developers at some point, it doesn't matter if it is open or closed source. At least with a major author they have a physical presence, buildings, investors, publicly traded, cash in the bank. If they do something underhanded you have stuff you can go after. In open source yeah you have code that people can look at but you also have the possibility of some anonymous person who works a sneaky backdoor into the code. Then when it all goes kablooey there's no one whose feet can be held to the fire.

      I'm not saying that either closed or open source is better than the other, just that both have many good and bad points. You can't automatically assume that open source is better. Either way it helps to have safeguards in place, like an app review process and the ability to quickly remove malware from devices.

    7. Re:This is why Android could take over the market. by bit01 · · Score: 1

      ... and even if you can see the source, you still can't trust it.

      The decision is not binary. You can trust it more. Depending on the source a lot more.

      AND you are willing to spend several dozen hours doing a line-by-line review of all of the source code

      Astroturfers love to push this dishonest nonsense. Again pushing the false dichotomy. And pretending that open source doesn't give the entire world, billions of people, access for review.

      Closed source means only the vendor can review it. Open source means any number of groups can review it, including the original source. At the very least it is no worse than closed source.

      --
      Open source software is everything that closed source software is. Plus the source is available.

    8. Re:This is why Android could take over the market. by MachineShedFred · · Score: 1

      Well, if you define "the market" as only people who want a smartphone, who are also fluent programmers with the time for a code review of every damn thing they want to do with their device.

      "It comes down to if you cannot see the source don't trust it" is an idealistic scenario that will never happen in the real world, on a device that the manufacturer actually wants to profit from.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.

    9. Re:This is why Android could take over the market. by oakgrove · · Score: 1

      And when is the last time you looked at every single line of code for a major open-source application and made sure that it was totally and completely safe? Do you just use them, assuming that someone else did it for you?

      It doesn't matter if I do it; if it's an important enough piece of software, somebody has. And if it's really important, more than a few somebodies. And if it's really really important, I can pay somebody to do it. And it's not an either/or problem like you frame it. You may not realize this as you seem to be a bit of a noob in regards to security but security requires a multi-layered approach. Having the source is just one. Surely you aren't foolishly arguing that I'm better off not having it.

      At least with a major author they have a physical presence, buildings, investors, publicly traded, cash in the bank.

      That's your argument? Really? I offer this in rebuttal. How many coupons would you like?

      --
      The soylentnews experiment has been a dismal failure.

    10. Re:This is why Android could take over the market. by Voyager529 · · Score: 1

      Congratulations sir, you both correctly depict the average technology user and incorrectly account for it at the same time.

      We both agree that on-device security is necessary. We both agree that a false sense of security is bad. The biggest problem is still between the keyboard and chair.

      User downloads Dancing Bunnies app. RIM very granularly lets you set permissions. Eventually, users figure out that the "Always Allow" options let the application run without being nagged to death with prompts. Never mind that Dancing Bunnies both wants to access the internet (understandable) and send SMS and make calls, because dammit just show the dancing bunnies and quit nagging me!!

      I'll take your word that Android is much more user friendly in this regard (i.e. only showing prompts for APIs the app accesses, using plain English terms, and denoting which apps can literally cost money), but ultimately you can't fix stupid.

      I think that Apple has painted itself into a corner though. So far, there hasn't really been a widespread infection on the iPhone (well technically every jailbreak app has essentially been malware, but with the exception of the swiftly-remedied TIFF exploit, they've all been intentional). Apple is very well known as the gatekeeper that's removed apps at a whim. To add some sort of user-definable permissions prompt would imply that there is a problem, and that the vetting process isn't comprehensive. If Apple does that, they admit to being a fallible system. Whether it's true or not, what *is* difficult to refute is that Apple's mindshare is largely based on being less attack-ridden than the PC. The question is which would cost them more: proactively putting a level of security into users' hands implying some is necessary, or retrofitting it AFTER the first major malware attack.
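
The install-time permission summary mjwx describes above, applied to the Dancing Bunnies scenario in this post, as an added Python example that is not from the thread or from Android itself: it reads a constructed manifest for a hypothetical app, groups the declared permissions into the categories the install prompt shows (contacts, internet, services that cost money) and flags the ones the app's stated purpose does not need. The permission names are real Android ones; the grouping and the sample manifest are this example's own assumptions.

```python
"""Added example (not from the Slashdot thread): summarise the permissions an
Android app declares in its manifest, grouped the way the install-time prompt
groups them (contacts, internet, services that cost money), and flag the
groups that the app's stated purpose does not justify."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest for a hypothetical "Dancing Bunnies" animation app.
# An animation app plausibly needs INTERNET for ads; contacts, SMS and
# phone calls are well outside its stated purpose.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dancingbunnies">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Dancing Bunnies"/>
</manifest>
"""

# Real Android permission names, grouped into the categories the comment
# describes. The grouping is this example's own, not Android's official
# permission-group list.
CATEGORIES = {
    "contacts": {"android.permission.READ_CONTACTS",
                 "android.permission.WRITE_CONTACTS"},
    "internet": {"android.permission.INTERNET"},
    "costs money": {"android.permission.SEND_SMS",
                    "android.permission.CALL_PHONE"},
}


def declared_permissions(manifest_xml: str) -> list[str]:
    """Return the android:name of every <uses-permission> element, in order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for elem in root.iter("uses-permission"):
        # Attribute lives in the android namespace: {ns}name
        name = elem.get(f"{{{ANDROID_NS}}}name")
        if name:
            names.append(name)
    return names


def categorise(perms) -> dict[str, list[str]]:
    """Group permissions into display categories; unknown ones go to 'other'."""
    result = {cat: [] for cat in CATEGORIES}
    result["other"] = []
    for p in perms:
        for cat, members in CATEGORIES.items():
            if p in members:
                result[cat].append(p)
                break
        else:
            result["other"].append(p)
    return result


def flags_for(expected_categories, manifest_xml) -> list[str]:
    """Categories the app requests that its stated purpose does not need.

    `expected_categories` is what the user or reviewer believes the app
    should need; any populated category outside that set is a warning.
    Permissions in 'other' (e.g. VIBRATE) are not flagged."""
    groups = categorise(declared_permissions(manifest_xml))
    return sorted(cat for cat, perms in groups.items()
                  if perms and cat != "other" and cat not in expected_categories)


if __name__ == "__main__":
    for cat, perms in categorise(declared_permissions(SAMPLE_MANIFEST)).items():
        if perms:
            print(f"{cat}: {', '.join(perms)}")
    # The animation app should only need the internet group.
    print("unexpected:", flags_for({"internet"}, SAMPLE_MANIFEST))
```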

    11. Re:This is why Android could take over the market. by intheshelter · · Score: 1

      You can trust it more? Seriously? That's your highbrow intellectual response? So you can trust it 39% versus only trusting another app 35%? What exactly does that offer me? You can either trust it 100% (the very definition of the word trust I might add) or you don't trust it completely. The decision IS binary.

      "Astroturfers love to push this dishonest nonsense. Again pushing the false dichotomy. And pretending that open source doesn't give the entire world, billions of people, access for review. . . . Open source means any number of groups can review it"

      Blind open source advocates love to push this dishonest nonsense. Open doesn't mean better. It doesn't mean safe. It only means open. You can't honestly take anything more out of it than that.

    12. Re:This is why Android could take over the market. by Graff · · Score: 2, Informative

      It doesn't matter if I do it; if it's an important enough piece of software, somebody has. And if it's really important, more than a few somebodies. And if it's really really important, I can pay somebody to do it.

      I'd like to introduce you to an important, relevant psychological effect known as the bystander effect. The more important that something public is, the GREATER the chance that no one will take care of it because they all just assume "It's so important that someone must have taken care of it."

      I'm not saying that open source is insecure, just that you can't automatically assume that it IS secure. Unless you personally look at the code or pay someone trusted to do so, you have to assume that it isn't secure.

      The "noob" here is the person that blindly trusts other people to make sure everything is secure.

    13. Re:This is why Android could take over the market. by oakgrove · · Score: 1

      Your sociobabble bs doesn't impress me. And furthermore:

      secure

      is as meaningless as any other word that denotes an absolute yet objectively unattainable ideal. Check this out, if the source is open, you have the opportunity to get closer to the ideal than if the source is closed, i.e. doing the inspection work yourself or paying someone else to do it.

      What you said and what I took issue with was this:

      And when is the last time you looked at every single line of code for a major open-source application and made sure that it was totally and completely safe? Do you just use them, assuming that someone else did it for you?

      That's a shill statement trying to make the debate look like it's just a black and white issue. It isn't. Again, if the software is important enough, somebody has. If you have proof otherwise, I'd like to see it, else it's just my opinion versus yours. And at the end of the day, with open source, I can pay somebody to check it. Closed source?

      --
      The soylentnews experiment has been a dismal failure.

    14. Re:This is why Android could take over the market. by Graff · · Score: 1

      Again, if the software is important enough, somebody has. If you have proof otherwise, I'd like to see it, else it's just my opinion versus yours.

      Which, of course, is why I linked an article with some hard numbers. Did you read it? Now, even numbers can be haggled over but it at least lends credence to my argument: open source is not intrinsically secure. Sure, it CAN be secured if you spend your time going through the source or paying someone to do so but you can't just assume "it's important so someone must have secured it". Everyone before you might have said something similar so it's turtles all the way down, there's a good chance that no one did a proper job at security.

      Closed source might not be any better but if you are buying from a company that has a reputation and a monetary stake in the matter then you at least have some leverage and some recourse if something goes wrong. You don't have that kind of hold on open source developers. Again, I'm not saying that one is automatically better or worse than the other, just that there are security issues with both kinds of software and no amount of "someone will take care of that" can get rid of those concerns.

    15. Re:This is why Android could take over the market. by oakgrove · · Score: 1

      No, I didn't read the article you linked to. I'm already well versed on what the bystander effect is so I don't have a particular need for an about.com re-hash of the wikipedia article on it. I know enough about it to also realize that it has very little to any relation to what happens during the life cycle of major open source software, re apache, linux kernel, x server, ssh, etc. Despite my trust and the fact that my computers run all of that software, I have yet to get hacked into once. Somebody must be paying attention because every so often, my update manager pops up and tells me to update them. I do and life goes blissfully on. Don't get me started on when I used to run a certain proprietary OS.

      Closed source might not be any better but if you are buying from a company that has a reputation and a monetary stake in the matter then you at least have some leverage and some recourse if something goes wrong.

      And get what for my troubles, some coupons and free downloads for more crap? I think I'll stick with what I have now.

      it at least lends credence to my argument:

      Well, here's something that lends some credence to mine. I'll quote the relevant bit to save you the trouble.

      So at the end of the last day of the contest, only the Sony VAIO laptop running Ubuntu was left standing.

      --
      The soylentnews experiment has been a dismal failure.

    16. Re:This is why Android could take over the market. by TheNumberless · · Score: 1

      If you honestly believe trust is 100%, then how can you trust anything, ever?

      Even for the things in which I invest the most trust (my family and close friends), the chance they could betray me is small but nonzero.

      I tend to use source code availability as a mark in favor of trustworthiness. The developer is willing to expose the code for anyone to examine, it's less likely that they're hiding something. The chance that they still are even in the best of cases is, of course, not zero.

      You are, of course, free to exercise your own criteria for trust. Consider the possibility that people can disagree with you without being liars.

    17. Re:This is why Android could take over the market. by TheNumberless · · Score: 1

      And one can point to numerous examples that show the fallacy of this thinking. The Debian openssl fiasco is a prime example.

      That doesn't imply a fallacy (more accurately, you haven't provided a counterexample). It would if the original statement were: if you can see the source, you must trust it.

      Of course, you can't point to an example of closed source code that is 100% trustworthy. Only closed source code that hasn't been proven untrustworthy yet.

      Disclaimer: I use and write closed source code every day. I just try to be realistic about trust.

    18. Re:This is why Android could take over the market. by Graff · · Score: 1

      No, I didn't read the article you linked to. I'm already well versed on what the bystander effect is so I don't have a particular need for an about.com re-hash of the wikipedia article on it.

      I linked to other articles in my original post, one of which had numbers showing that open source, even core stuff that SOMEONE should have hardened, was just as vulnerable (and in some cases more, some cases less) as closed source. You obviously didn't read it, even though you posted a reply to it.

      There are other articles to be found, such as this Kaspersky Security Bulletin which had this to say:

      As for Linux users, a number of serious vulnerabilities were reported in 2006, most of them related directly to the Linux kernel. Some of these allow DoS attacks against a vulnerable system, while the others allow elevation of privileges.

      Obviously the Linux kernel is an open source effort that a LOT of eyeballs stare at and it still has vulnerabilities. I'm not saying that Linux is bad, just that open source is not immune to security problems by the very virtue of being open.

    19. Re:This is why Android could take over the market. by oakgrove · · Score: 1

      This is why I love open source. We don't try to hide behind the veil of secrecy. Of course, it lets guys like you and the rest of the 'softies go around and crow about "OMG!!11 LInux has teh flaws!" because we actually disclose rather than try to hide in obscurity.

      And I'm not saying that it is more secure by mere virtue of it being open source. See, the thing is, I fully expect more vulnerabilities to be exposed in open source software than closed source. People look through it, find flaws and the next thing I know, my update manager fires up and tells me what to do. That means the system is working. When vulns stop getting found is when I start getting worried. The fact that they are being found and patched and all I have to do is click yes to the little update box just helps me sleep better at night. Contrast that with closed source. How many years have certain vulnerabilities gone unpatched? Who knows? And you may never know. Yet thousands of people get owned daily running closed source OS's.

      So, you keep going around with your bs studies and your links just make sure you keep that McAfee updated... Oh, my bad. Too soon? All the while, us open source guys will just keep getting work done.

      --
      The soylentnews experiment has been a dismal failure.

    20. Re:This is why Android could take over the market. by Anonymous Coward · · Score: 0

      As was already mentioned, it's about having a security process. This can be implemented regardless of openness.

      If more open "stores", such as Android or Maemo/MeeGo or Debian or whatever don't yet have as rigorous a process as Apple, they should get busy of course.

      Regarding any discrepancy between source and binary, you should obviously just upload the source to the store and have the store build the binary.

      My point exactly... this is what I meant to say! The source for the app must be available to the distributor. This is why the Windows platform is a security mistake, no one in their right mind trusts Microsoft with their source code for a unique application that they have created. If there is a GPL type license attached to the app's source the original creator must be recognized for their work. As things stand developers have become so scared that someone else will steal their idea that they are hooked on closed source binaries and do not think it is possible to do things any differently.

      The old fart

    21. Re:This is why Android could take over the market. by Graff · · Score: 1

      So, you keep going around with your bs studies and your links just make sure you keep that McAfee updated... Oh, my bad. Too soon?

      Ahh, you assume. I never touch any of that anti-malware stuff, I have no need for it. It's a worse virus than the actual ones. As for crowing about flaws, I couldn't care less. All software has flaws, open or closed. You take sane steps to protect yourself and prepare for when that's not enough.

      I use both open and closed software when they suit my needs. There are advantages and disadvantages to both sides. I'm not for or against any of them. I dunno why you have a chip on your shoulder but it's causing you to make bad assumptions and clouding your vision. And remember, all those ad hominems that you pile on your arguments don't mean squat. They only serve to weaken your position.

    22. Re:This is why Android could take over the market. by oakgrove · · Score: 1

      Fair enough. I call a truce. You have your way of seeing things and I have mine. The ad hominems were a bit overboard, admittedly. It's just an internet message board though and what's life without a little passion?

      --
      The soylentnews experiment has been a dismal failure.

  12. Freedom for all by Anonymous Coward · · Score: 0

    Our freedom to run whatever apps we want is more important than some little security issue.

  13. They should do what Google does by obarthelemy · · Score: 1

    and just sponsor a couple of OSes and a browser pretty much dedicated to ratting on you.

    --
    The Cloud - because you don't care if your apps and data are up in the air.

  14. Perhaps this will evolve into something beneficial by Dr_Marvin_Monroe · · Score: 4, Insightful

    I agree with the poster that the economics of attacks is definitely in favor of the Trojan vs. the technical attack. It's scary how many people install junk on their computers, and it's not getting any better. Even I do it sometimes without knowing 100% who's behind some utility or patch that I want. This is the approach that pays off easy too. Why bother trying to sneak into their box when the users will install your bug for you?

    In nature though, some of these parasites actually evolve into beneficial bugs. They take their little bit, but they also do some extra bit for the host. Both sides win, this is symbiosis. Imagine that SETI@home also defragmented your disks or optimized performance somehow in exchange for running on your system, same thing.

    Now consider for a second that Conficker patched some security holes after entering the host system... Isn't it doing some little bit of good? Not wanting it on my box, just showing how Conficker's security is also beneficial to the host machine. Their goals align... Consider also, how do Google's goals align with mine when I use online Docs?

    I think there will be a real blending here. Trojans will get more beneficial and less intrusive, people will tolerate them because they do something useful, and a new class of free (as in beer) software will evolve.

  15. Clearly unfair to Apple by gig · · Score: 5, Insightful

    You can't tell me how wrong Apple is for having a closed store with strict app approvals and how other mobile makers will outdo Apple with their open stores and then write a malware-scare article about how app stores are too open and lump Apple in with everyone else. It's one or the other. Everyone else has Java apps you can install from the Web and Apple has C apps you can't.

    Apple has an actual record here. They've been malware-free 100% for 2 years, 200,000 apps, over 1 billion downloads, with consumer users who don't know what malware is, doing 1-click installs.

    How you can write an article like this saying "app stores should be more closed" and not mention Apple's is closed is beyond me.

    And there has been no native malware on iPhone. Also bullshit.

    And although Apple may not strictly guarantee zero malware, they are actively policing every app. To pretend that's like having no cops, as on the other platforms, is ridiculous.

    Awful article. Just fucking awful. Do some fucking research!

    1. Re:Clearly unfair to Apple by Rocketship+Underpant · · Score: 4, Insightful

      My guess: there's a rather popular hate-the-leader bandwagon among certain geeks. You see this on Reddit a lot, where anything critical of the iPhone or iPad gets modded up immediately whether it's insightful or not.

      This author is probably part of that bandwagon, desperately trying to stitch together a premise (open app stores are an opportunity for trojans) and an incorrect conclusion (fear the iPhone!) with no logical connection. Why else use App Store like a proper noun in the title, knowing full-well that most people will immediately assume the iPhone/iPad App Store?

      Anyone who's owned a Mac a long time and constantly been lectured by their PC-using friends that "Macs are just as susceptible to viruses" even though no one gets viruses on their Macs while PCs are like leper colonies for malware knows this full well.

      --
      He who lights his taper at mine, receives light without darkening me.

    2. Re:Clearly unfair to Apple by jittles · · Score: 1

      But we know that there is data mining going on with the iPhone. There are advertising networks that developers use to handle their in-app ads and those networks have been mining peoples data since 2.0 first came out.

    3. Re:Clearly unfair to Apple by MachineShedFred · · Score: 1

      While I completely agree with what you posted, I do have one question: were you actually expecting journalistic integrity from some half-ass "security consultant" who's job primarily consists of yelling OMG THE SKY IS FALLING OMG OMG OMG as loud as they can, to as many people as possible?

      This isn't the Washington Post or CNN.com - it's some useless d-bag who's trying to make a name for himself writing on a blog.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.

    4. Re:Clearly unfair to Apple by Anonymous Coward · · Score: 0

      -1, Off Topic

      Your analogy about leper colonies breaks down because 95% of humans have a natural immunity to the disease. If only 5% of computers world wide could be infected by a virus, that would be an ineffective virus.

    5. Re:Clearly unfair to Apple by Anonymous Coward · · Score: 0

      > Why else use App Store like a proper noun in the title

Maybe because in English, one always capitalizes title words other than prepositions?

    6. Re:Clearly unfair to Apple by Anonymous Coward · · Score: 0

      What is funny is that neither assertion is completely true. Macs are vulnerable to Trojans, while a sanely secured Windows box [1] can resist most forms of attack.

      [1]: Using MSE (which is licensed at no charge), using Firefox/Adblock/NoScript for Web browsing, and running as a user without admin rights takes care of most attack vectors.

    7. Re:Clearly unfair to Apple by frog_strat · · Score: 1

      hate-the-leader bandwagon

      Depending on your current set of memes, you may have a negative reaction to inequality (liberal) or a positive one (conservative). Ultimately it is probably best to have no reaction and try to objectively evaluate the situation.

  16. Open Source by jprupp · · Score: 1

It'd be interesting to have open source packages clearly specified in the app store, especially Android's app store. Maybe even an option to only show open source software could help. How much malware do you see in your typical Ubuntu, Debian, or Fedora repository?

    1. Re:Open Source by Wovel · · Score: 1

      More than on the iPhone :)

    2. Re:Open Source by oakgrove · · Score: 1

      Bull-fucking-shit! Point me to the package in the Debian or Ubuntu repo that is malware. IPhone apps have been outed over and over for harvesting user data.

      --
      The soylentnews experiment has been a dismal failure.
  17. There's an APP FOR THAT too by Anonymous Coward · · Score: 0

    What rong with dat?

    Your Ukraine Saint
    Vito

  18. Not surprising by Anonymous Coward · · Score: 0

    A friend of mine recently had a spam email go out to everyone in his address book. The reason? A paid app from the Apple store he'd installed had stolen all his personal info from his phone and returned it to the app creator. That app is still in the store today, the company basically offered a bunch of free stuff and promised not to do it again. The only advice I could offer was - how much did he feel his personal information is worth?

    So what, precisely, does the reassurance of a signed app from the Apple store get you? That's right, you're reassured that the app is signed!

    1. Re:Not surprising by RMH101 · · Score: 1

      what was the app? name it, please.

    2. Re:Not surprising by gyrogeerloose · · Score: 1

      what was the app? name it, please.

      He can't because it doesn't exist. That's why he posted AC.

      --
      This ain't rocket surgery.
    3. Re:Not surprising by Wovel · · Score: 1

      My buddy had an android app that shot his mother, burned down his house and ate his dog! Look! I can lie too!

    4. Re:Not surprising by Anonymous Coward · · Score: 0

      He can't because it doesn't exist. That's why he posted AC.

      My friend took the blue pill and agreed to an NDA in return for some goodies. Of course, I made no such promise - and since I received the spam, I can infer that it would have been Finger Physics. In mitigation, looking at the spam, it emailed directly through the app rather than returning information to base, so on that count I was incorrect.

      Now, having called your bluff, I posted AC because I don't want any future employer to find my association with the IQ hole that is Slashdot, nor am I a professional astroturfer for Apple attempting to counterfeit a believable persona. The alternative, that several people feel the need to jump to defend a company that they have no financial interest in whatsoever, but are merely members of some black turtlenecked worshipping cult is clearly ridiculous and doesn't bear thinking about.

    5. Re:Not surprising by gyrogeerloose · · Score: 1

      Okay, thank you, and I retract my previous statement.

That said, if you were implying that I'm a professional astroturfer for Apple (or anyone else), you are very much mistaken. When Apple fucks up, I'll jump on them just as hard as anyone else. At the same time, I do feel the need for balance in these forums and when I see an AC making an unsubstantiated claim the way you did, I'm going to say something about it. If that bothers you, then stop making those types of posts. Unless your Slashdot nick is your real name, there's not much chance that anything you say here is going to be traceable back to you anyway.

      --
      This ain't rocket surgery.
    6. Re:Not surprising by Anonymous Coward · · Score: 0

      My own apologies for the generalization made, and some admiration that you took the time to respond, your concerns are understandable.

      Usually I don't bother to post at all on Slashdot, but every once in a while a topic will come up that I feel strongly enough about to stick an oar in. AC suits this purpose, although I do recognise it puts me at a disadvantage. I too was motivated by balance - my feeling was there was far too much defense of what is, when all is said and done, a walled garden.

  19. Now this? by hellop2 · · Score: 1

    Et tu, Fartapp?

    --
    How many more years will slashdot have an off-by-one error on your Score in your profile?
  20. Re:On blackberry? Not so much by Anonymous Coward · · Score: 1, Insightful

    Any app on the blackberry requires user intervention before it's allowed to fetch URLs, open raw sockets, read email, dial the phone, get your location, manipulate the address book, or do any other damned thing. [...] It actually seems much less vulnerable to trojans and spyware than a PC.

    That does not mean much for a trojan. A trojan could masquerade as some tool or game that 'needs' access to all of these, and the Trojan user would happily grant it those rights.

  21. there are no gays in the military by Anonymous Coward · · Score: 0

    No spyware on the iPhone at all..oh wait
    http://i-phone-home.blogspot.com/

    the app store is rife with it

    1. Re:there are no gays in the military by Wovel · · Score: 1

      Rife based on a blog article that does not mention a single app or what it does that is malicious?

      People keep making these claims, it is fairly clear they are all BS..

    2. Re:there are no gays in the military by Anonymous Coward · · Score: 1, Informative

      Are you incapable of reading?

      From the first goddamn page, a hosts file that details dozens (hundreds?) of apps that silently data mine the user. http://www.textbin.com/show_text.php?id=x6430

  22. Bad apps that don't work are in the store... by seifried · · Score: 2, Informative

    I was testing SSH clients for the iPhone so I bought about a half dozen, one of them flat out didn't work (filled out the problem form, no response). One didn't allow you to change the port to something other than 22. Only one app allowed you to import a key. Only one (a different one) allowed you to have more than one key. In other words one was completely broken, one was arguably missing basic functionality and all were missing common functionality. In other words the quality was abysmal.

    I also tried to contact them, one had a website listed that was several years out of date and had no contact info (no names, emails, phone numbers, nothing). Not exactly inspiring of trust.

    Based on this I can simply say I will not use them, for one thing they don't work terribly well. But mostly because who knows what they do in the background. Perhaps every 50th connection, assuming it is a Tuesday they send your connection details (user name, password, IP, etc.) in an outgoing packet to the bad guy that wrote the app.

I actually regret going with the iPhone (not that the android is much better in this respect). I'm so used to Open Source software that having to use a closed source application from a basically unknown source (as opposed to someone who is at least known and ideally has a decent reputation they want to protect) is foreign to me and, to be honest, a deal breaker.

    1. Re:Bad apps that don't work are in the store... by MrCrassic · · Score: 1

      Why do you need a SSH client when you can just download OpenSSH and use command line via Saurik's MobileTerminal?

    2. Re:Bad apps that don't work are in the store... by FictionPimp · · Score: 1

      If you don't want to jailbreak, I recommend issh. Works great for me.

    3. Re:Bad apps that don't work are in the store... by jittles · · Score: 1

Maybe he's like me and is annoyed at having to re-jailbreak the phone every time there's any sort of update?

    4. Re:Bad apps that don't work are in the store... by MrCrassic · · Score: 1

      That's a good point; I use T-Mobile on my iPhone, so I don't take that waiting into account.

    5. Re:Bad apps that don't work are in the store... by Wovel · · Score: 1

      +1 for iSSH. I suspect he might have been helped by using reviews as a starting place.

  23. Android and Manifest by Anonymous Coward · · Score: 0

Android is a bit better equipped from that point of view: with a VM and a Manifest saying what an application can do.

If you take an app that is supposed to do something but is allowed to do something else, you can be very wary, as the reviewer will be.

    For the App Store, there is nothing like that, which probably makes it harder to detect clever malware.

    1. Re:Android and Manifest by Wovel · · Score: 1

      Unfortunately your theories get all mangled when they bounce into reality.

  24. Ditto, I use iSSH extensively by aussersterne · · Score: 1

    and it's absolutely great.

    --
    STOP . AMERICA . NOW
  25. iPhone has local security too by EMB+Numbers · · Score: 2, Informative

    From http://developer.apple.com/iphone/library/documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/ApplicationEnvironment/ApplicationEnvironment.html

    The Application Sandbox
    For security reasons, iPhone OS restricts an application (including its preferences and data) to a unique location in the file system. This restriction is part of the security feature known as the application’s “sandbox.” The sandbox is a set of fine-grained controls limiting an application’s access to files, preferences, network resources, hardware, and so on. In iPhone OS, an application and its data reside in a secure location that no other application can access. When an application is installed, the system computes a unique opaque identifier for the application. Using a root application directory and this identifier, the system constructs a path to the application’s home directory. Thus an application’s home directory could be depicted as having the following structure: /ApplicationRoot/ApplicationID/
    During the installation process, the system creates the application’s home directory and several key subdirectories, configures the application sandbox, and copies the application bundle to the home directory. The use of a unique location for each application and its data simplifies backup-and-restore operations, application updates, and uninstallation. For more information about the application-specific directories created for each application and about application updates and backup-and-restore operations, see “File and Data Management.”

    Important: The sandbox limits the damage an attacker can cause to other applications and to the system, but it cannot prevent attacks from happening. In other words, the sandbox does not protect your application from direct attacks by malicious entities. For example, if there is an exploitable buffer overflow in your input-handling code and you fail to validate user input, an attacker might still be able to crash your program or use it to execute the attacker’s code.

    See also protections around location, camera, microphone, address book access, and network interfaces that "let users know in simple words what an application will do"

    1. Re:iPhone has local security too by ckaminski · · Score: 1

      Why the FUCK (in line with today's other ACLU article) can't I have this feature in a modern OS? Linux? Windows?

      chroot is not good enough, IMHO. jails are closer, but still not good enough. I'm not sure on SELinux... I don't want virtualization - I want application sandboxing!

      Maybe system hooks to a supervisor module to prompt me for a password whenever the app tries to break the sandbox (system or network documents, maybe)...

      Seriously, this is the next wave of OS protections from malware - where are the people working on this?

    2. Re:iPhone has local security too by michaelhood · · Score: 1

      Seriously, this is the next wave of OS protections from malware - where are the people working on this?

      Over here - http://www.sandboxie.com/

      Don't let the lacking site mislead you, it can sandbox any binary I've tried - not just browsers.

  26. Underhanded C contest by DrYak · · Score: 1

    Since Apple has an apparently arduous approval process for their app store, I'm assuming that they guarantee everything against this sort of foolishness.

And I sense that we've discovered the next year's Underhanded C Contest theme.
"Design a piece of code that looks like a genuine mobile funny game, but in fact turns the smartphone into a zombie node of a powerful and evil bot-net..."
    "Bonus point if your game actually passes Apple's App Store certifications".
    I can really see it coming :-D

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  27. Wow, an argument for Apple's tightwad policies by wealthychef · · Score: 1

    I'm not a big fan of the Steve Jobsian App Store lockdown policies, but at least inside of that, if an app is discovered to be malicious, Apple can wipe it from everyone's phones I believe without even asking them.

    --
    Currently hooked on AMP
    1. Re:Wow, an argument for Apple's tightwad policies by slaingod · · Score: 1
      --
      http://blog.slaingod.com
  28. Re:This study brought to you by the fine folks at. by drummerboybac · · Score: 1

    I know this was modded flamebait, and probably was intended as such, but I can see a less snarky version of this message being EXACTLY what Apple would want to push.

  29. Selectively disable features by slaingod · · Score: 1

    Android has the right idea, in my book, they just need to take it further and allow users to deny the permissions that are asked for in the manifest. The manifest lists all of the secure things that can be accessed by the app, there just needs to be a line-item veto. A timer/stop watch application does not need 'Full Internet Access' or 'Access to My Contacts'.

    --
    http://blog.slaingod.com
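The manifest-based review in comments 23 and 29 (an app that declares permissions its stated purpose does not need) can be mechanised. The following is an added example, not code from the thread or from the Android project: it parses the `<uses-permission>` entries of an AndroidManifest.xml and reports those outside a per-category allow-list. The category policy and the sample manifest are constructed for illustration; the permission strings themselves are real Android permission names.

```python
"""Flag manifest permissions that exceed what an app's stated purpose needs.

Added example, not code from the thread or from Android. The category
allow-lists and the sample manifest below are constructed; the permission
names are real Android permission strings.
"""
import xml.etree.ElementTree as ET

# Namespace used for the android:name attribute in every real manifest.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed policy: permissions an app of a given category plausibly needs.
# Anything else the manifest declares is reported as excess, which is the
# reviewer-side equivalent of the "line-item veto" the thread asks for.
EXPECTED = {
    "stopwatch": {"android.permission.VIBRATE", "android.permission.WAKE_LOCK"},
    "messaging": {"android.permission.INTERNET", "android.permission.READ_CONTACTS"},
}

# Constructed sample: a timer app asking for far more than a timer needs.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.stopwatch">
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the set of android:name values of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {
        elem.get(name_attr)
        for elem in root.iter("uses-permission")
        if elem.get(name_attr)
    }


def excess_permissions(manifest_xml, category):
    """Permissions the manifest declares that the category policy does not expect.

    An unknown category is treated as needing nothing, so every permission is
    flagged: the safe default for a reviewer is to question, not to wave through.
    """
    return declared_permissions(manifest_xml) - EXPECTED.get(category, set())


if __name__ == "__main__":
    for perm in sorted(excess_permissions(SAMPLE_MANIFEST, "stopwatch")):
        print("stopwatch app declares unexpected permission: %s" % perm)
```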
  30. Re:On blackberry? Not so much by Sandbags · · Score: 1

A maliciously written app has no requirement to use RIM's API subset. An app can abuse any vulnerability of the OS because no one ensures it doesn't. On the iPhone platform, use of those APIs is the only way to access such content and apps are explicitly sandboxed from each other. Custom code scans each submitted app, and ensures that calls to unpublished APIs don't happen. Custom code inside of an app is simply denied access to anything outside of its own boundary. Only apps distributed outside of Apple's ecosystem can perform malicious tasks, and even those are limited to API calls, so what can it do, steal your contacts? On RIM or Android one app can access content in a browser opened by another, read keyboard inputs to another app, access any files in the system, and do just about anything it wants, and if it uses the right hack, the user is never prompted.

    --
    There is no contest in life for which the unprepared have the advantage.
  31. excuse by blast111 · · Score: 1

    http://www.gurenzeytin.com/ ayvalik zeytinyagi

    1. Re:excuse by blast111 · · Score: 1
  32. Apple App Store Already Infiltrated by Anonymous Coward · · Score: 0

    These problems have already taken place in Apple's App Store. I had my credentials stolen from my iPhone by a trojaned App (I have a special login just for the iPhone). Apple was very unwilling to do much about it, despite all my effort.

    So, if you want security, don't just assume that Apple and others are doing all they can do to protect you. You must use common sense.

    I just don't do anything sensitive on mobile devices.