One of the ‘big selling points’ for Apple products over the years has been its lack of vulnerability to attack from virus’s, trojan’s and the like. The argument went that because the OS was so closely managed and the hardware it runs on so similar that it was very difficult to ‘break into’. However as a system becomes more adopted it becomes a target for attacks – and it appears that the iPhone OS has now reached that size.
Now, the Apple App store is supposed to protect users from ‘rogue’ apps due to the tests and control that Apple maintain, but an iPhone app that secretly gathered user data was approved and published in Apple’s iTunes App Store recently!
The app, called InstaStock, was created by a security expert to expose a security flaw in Apple’s new iOS5.
Charlie Miller designed the app to look like an application for checking stock market prices but it was also able to steal user data, including photographs and contacts. The app, which was accepted into the iTunes App Store in September, has since been removed by Apple and Mr Miller’s account has been suspended.
“First they give researchers access to developer programs, (although I paid for mine) then they kick them out.. for doing research. Me angry.”
Apple’s iOS devices have typically had fewer security vulnerabilities than competing platforms because of the company’s tight control of the operating system and the approval process for apps that run on it. But this is bound to happen eventually – it just seems rather ‘harsh’ to ban the developer when he is actually not using the information for illegal purposes and is trying to ‘help’ Apple – admittedly by going public – but we would prefer to know wouldn’t we?