Free Republic

VANITY: Apple's App Store not so secure after all
VANITY POST | July 23, 2010 | PugetSoundSoldier

Posted on 07/23/2010 2:29:01 AM PDT by PugetSoundSoldier

For the last several years Apple has touted the security of its App Store. You could rest assured that any app you purchase from that store had been screened by Apple for acceptable functionality and safety, and that you did not have to ever worry about something bad being in the App Store. Play freely and securely in their walled garden.

That's a great story, except for the fact it's not true. Recently a 15-year-old App developer released an app that clearly violated a prime rule of the App Store - thou shalt not release a tethering application. How did he do it?

He disguised the program as a flashlight app. That's right, an app that appeared to do one thing, but clearly and obviously did a completely different functionality. There's no overlap between a flashlight application and a tethering app, yet Nick Lee had no problem getting the app into the store.

How was it "discovered"? Only by the app being talked about on various boards and forums, and someone leaking it to Apple and they yanked it. But it was online, available for sale inside the App Store.

Now, most will dismiss this as harmless; after all, what's the damage of a tethering app or flashlight? No harm, no foul. But the bigger question is raised: if an app can be easily disguised as something else, without Apple catching it, how many malware apps are out there right now, being installed and used, without the users or Apple being aware of what's going on?

Apple is proud of its gatekeeping of what's allowed in the walled garden of the App Store; too bad the gatekeepers are so easily fooled by something as simple as burying the functionality really desired underneath an innocuous veneer.


TOPICS: Computers/Internet
KEYWORDS: apple; fail; idiotwetsbed; iphone; likestotalktoself; pugetsoundidiot; pugetsoundsoldiergay; redmondemployee; secure; sleepswithgerbil; trollingidiot
So much for the security of the App Store...
1 posted on 07/23/2010 2:29:05 AM PDT by PugetSoundSoldier

To: for-q-clinton; driftdiver; TomServo; Swordmaker

The security of the App Store is based on the honor system, apparently...


2 posted on 07/23/2010 2:30:23 AM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: PugetSoundSoldier

How does Apple stop this? Virus protection, open source software only, lengthy review of the products (currently over 50 days), force vendors to submit code, etc... The best way for them would have been to be a little less greedy and more selective. Quality over quantity.

There are 233,176 or something close to this to download, I’ll admit a lot of these are books, but these still can have embedded malicious code.

App Store Metrics
Total Active Apps: 233,176
Total Inactive Apps: 44,213
Total Apps Seen: 277,389
Unique App Publishers: 47,102


3 posted on 07/23/2010 3:18:42 AM PDT by BushCountry (I spoken many wise words in jest, but no comparison to the number of stupid words spoken in earnest)

To: BushCountry

Personally, I don’t think it can be stopped without a literal line-by-line source code inspection of the app, which is simply impossible to do on any scale at all.

Really, a better way to go is what the PC world does - tells the users that malware can exist, your apps can do things you don’t expect them to, so buyer beware, be alert, and pay attention to what you’re doing. Mommy (or, uncle Stevie, in Apple’s case) isn’t going to be able to protect you.

I also like the Android approach where you have to explicitly give access to various features before installing the application. If your flashlight app requires Internet/3G access, that might be a warning flag that something’s not right!


4 posted on 07/23/2010 3:28:11 AM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

To: PugetSoundSoldier

I am an open source type of guy... Out of the over 23,000 apps, prob only 50 or so actually make money.

They could have gone with quality over quantity, openness, and still have been great. The smart phones are becoming small PCs, they need malicious software detection and heuristics.

It is not responsible to sell a product and service that leaves you vulnerable, but they took the cash cow route.


5 posted on 07/23/2010 4:40:07 AM PDT by BushCountry (I spoken many wise words in jest, but no comparison to the number of stupid words spoken in earnest)

To: BushCountry

I fully agree. If you’re going to guarantee the security of apps, then you have to code-inspect and necessarily focus on the most productive - in terms of user functionality and revenue generation - apps.

Or just open the market up and tell the consumers “buyer beware”.

What they have now is the worst of both worlds - the appearance of security for buyers with the security of “did you say it was OK? Good enough for us!” Apple is acting like a big corporation once again, something their fan base always denies: money and cash flow overrule the “good of the masses”.


6 posted on 07/23/2010 6:43:04 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson