Just a quickie post to point out a recent proof-of-concept test of the Apple iOS App Store:
Remotely Assembled Malware Blows Past Apple’s Screening Process
Research unmasks a weakness of Apple’s App Store: new apps apparently are run for only a few seconds before approval.
- By David Talbot on August 15, 2013, MIT Technology Review
“The app did a phone-home when it was installed, asking for commands. This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed,” says Long Lu, a Stony Brook University researcher who was part of the team at Georgia Tech, led by Tielei Wang, that wrote the Apple-fooling app.
. . .
The paper was slated for a talk Friday at the Usenix conference in Washington, D.C. Tom Neumayr, an Apple spokesman, said the company made some changes to its iOS mobile operating system in response to issues identified in the paper. Neumayr would not comment on the app-review process.
As ever: Apple is never perfect. They're simply better than the alternatives. Nonetheless, I wish Apple was more proactive, performing intense security testing on their own software rather than waiting for a breach like every other software developer. That's why I champion the white hat hackers and their cattle prodding of Apple's security efforts.