App Store security record unblemished after 2 years

That suggests that more app stores with stringent guidelines are in our future

While the rest of the world focuses on the perceived issues surrounding the iPhone 4's antenna reception, I thought I'd bring us back to something that really matters to iPhone users, namely, the security of Apple's App Store, which just marked its two-year birthday.

In my December 2009 column, I predicted that quite possibly there's an app store in the general computer consumer's future. That statement drew some quite heated opinions from my readers. I welcome intelligent debate, of course, and would like to draw your attention back to the app store in a different light.

Apple's App Store contains over 225,000 applications for the iPhone, the iPod Touch and now the iPad, which have been downloaded over 5 billion times. To date, we've had zero virus or worm incidents in the wild. I say that's a pretty darned successful run so far.

Now, there have been several published reports of vulnerabilities in the iPhone (now called iOS) operating system. There also continue to be mechanisms available for folks to "jail-break" their phones and install non-approved (by Apple) software. Indeed, the jail-breaking and underground app community thrives, by most reasonable measures.

We've even seen a couple of malware incidents that successfully targeted jail-broken iPhones. One involved a worm program that spread from one jail-broken iPhone to another by way of an ssh daemon (network service) that was installed with a default root password. But I argue that doesn't illustrate any weakness in the Apple App Store mechanism, which remains untarnished from the perspective of the security of the apps themselves.

Now, Apple has come under some pretty concerted pressure over its app approval process, perhaps rightly so in at least some of the cases, but the fact remains that we haven't seen a single virus/worm/malware outbreak on the platform.

Windows sysadmins can no doubt well remember malware outbreaks like Slammer and Sasser. These worms spread with violent effect across vulnerable Windows systems, leaving behind all sorts of disruption in their wake. Nothing like this has happened on the iPhone and the App Store in two years.

Of course, that doesn't mean that it can't or won't happen, but I do feel strongly that it's a credit to the concept. And with tens of millions of iPhones and iPads in use today, I for one am utterly convinced that the miscreants of the world would have attacked them if they had the opportunity.

Apple reviews every app that gets submitted to the App Store. It publishes certain guidelines that app developers are required to follow. From a security standpoint, perhaps the most important guideline is that apps are prohibited from making use of any unpublished APIs (application program interfaces). That is, they must play by the rules.

Even though this policy has caused more than its share of consternation among the developers as well as the users, it is also largely to credit for two years of untarnished success.

Recently though, there have been numerous calls for Apple to loosen its app review policies. If it succumbs to that pressure and lowers its guard too much -- or if government regulators force it to -- I'm not convinced that the next two years will be as untarnished as the first two years have been.

And at the same time, the platform itself has grown in its capabilities. With the iPhone 4 and the new iOS 4, apps are able to do some (limited) multitasking and such. Perhaps these new complexities and capabilities will lead to security problems in the future. Time will certainly tell.

Without a doubt, iOS 4 isn't perfectly secure. With its Unix-derived kernel and underlying architecture, I'm confident we'll continue to learn of security weak points, both in its design and in its implementation. That much is as predictable as the phases of the moon.

But with a strong application screening process at the front end, hopefully we can continue to keep the real nasty stuff out of our sandbox.

When you combine that with the consumer-related benefits of the App Store, it makes a compelling argument that app stores have succeeded and are here to stay.

Consider that while you're reading the latest rant about the iPhone 4's antenna issues. As for me, I learned as a kid that human hands make poor antennas. I'm not sure why this revelation comes as a shock to anyone in 2010. But I'll just put a bumper on my i4 and refrain from complaining, thank you very much.

With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University's CERT/CC, the U.S. Department of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.


Kenneth van Wyk

Computerworld (US)