iOS malware up ∞% since January 2011

[kartu]

At the beginning of the year Apple still claimed zero malware in the App Store (it's logical for them not to count Apple's built-in malware as malware, since it doesn't come from app store), then this happened:

Charlie Miller Circumvents Code Signing For iOS Apps

And then this happened:

Webzine Does Not Store User Data

Quote:

Will this feature be fixed in Dolphin Browser for iOS?

Yes, Toggle Webzine was also a feature included in Dolphin for iPhone and iPad. It has been disabled in the newest app store update, which will be live in the App Store shortly.

Quote:

Anonymous: When they say "fix", does that mean it doesn't send the info anymore, or their sending of info is harder to trace?

which gives 100 * 2 / 0 => ∞% increase!!!

PS
Did they admit these 2 cases, by the way, or is "Dolphin Browser" still dubbed "for Android" since it was caught?

[murraypaul]

Wow, you really do have an axe to grind, don't you?

[kjk]

Quote:

Originally Posted by kartu

At the beginning of the year Apple still claimed zero malware in the App Store

When did Apple claim this? At a keynote? Press conference?

[monkeyluis]

Quote:

Originally Posted by murraypaul

Wow, you really do have an axe to grind, don't you?

Yes

[Andrew H.]

Because the bug in Dolphin HD is *completely like* a third party putting SMS trojans on an Android phone that actually rips the user off for actual money.

Obviously, iOS can't be complacent, as the Charlie Miller demo shows. And malware incidents are still very rare on Android - the 500% increase from 6 months ago and the 480% increase now are from a very small number.

But iOS has had no real incidents of malware and is much more secure than Android at the present. In large part this is a function of being "open." But denying that A. is more susceptible to malware, or pretending that there is some sort of equivalence between the two platforms is disingenuous.

At the risk of being repetitive: Android allows you to put any apps on your phone. It is a *selling point* of the phone. But there is no way around the fact that putting non-curated random apps on your phone directly and unavoidably increases the chances of getting malware when compared to only putting approved apps on your phone as done by iOS. It is unavoidable. But the tradeoff between more openness and more risk is one that most Android evangelists are happy to accept: they are willing to take more responsiblility for vetting what goes on their phone in exchange for the freedom to put non-approved apps on their phone. They don't deny that the risk is there, but tend to believe that it can be managed (which for most people who pay attention is probably true).

But you can't have more freedom and more security: the freedom to install a random porn app from a site in Romania brings with it the increased risk of malware. The limitations imposed by only being able to install apps from Apple's app store brings with it increased protection from malware. These tradeoffs are unavoidable, and there's no point in pretending that they don't exist, or that the risks are equivalent.

[SleepyBob]

I wonder how much malware gets into the Amazon Appstore, if any.

[kjk]

Quote:

Originally Posted by SleepyBob

I wonder how much malware gets into the Amazon Appstore, if any.

Probably around the same rate as the Windows and Apple App stores, assuming they all have similar screening processes.

[Nexutix]

Quote:

Originally Posted by kartu

which gives 100 * 2 / 0 => ∞% increase!!!

[kartu]

Quote:

Originally Posted by Nexutix

Finally somebody with a sense of humour.

PS
To the "evil SMS sending" argument, speaking of "secure platform", compare installing app and explicitly allowing it to do whatever it wants on your phone (Android) to the situation when app can grant itself rights on its own and you are assured that your platform is "secure" (iOS), ouch.

[JoeD]

There's bound to be more instances of malware on Android, since users can install apps from anywhere. It's no different to desktops, if you only go via an app store you limit your exposure as the odd case that does sneak into the store will be pulled as soon as they realise. Installing from anywhere else and you're taking the risks onboard.

The only difference between the android and apple stores will be down to the screening process and there should be no reason both cannot be as good.

kartu has a valid point about permissions though. I wish even though apps were installed via the apple app store that you had an option to grant permissions per app. Even if the default is apps get all the permissions they request, I'd like the option to say apps get nothing by default (or these permissions by default) the rest have to be ok'd. That way when I download what I think is an offline only app, the app cannot communicate with other devices/network without me realising there's an online component to it.


Apple were probably against that as they like to keep things simple. However, if it's an option at least those who care about such permissions could make use of it. Although they have included per app permissions for location services, I'd like that taken further to include mic/camera/access to other data like contacts and photos/network access...

[RainingLemur]

Quote:

Originally Posted by JoeD

Apple were probably against that as they like to keep things simple. However, if it's an option at least those who care about such permissions could make use of it. Although they have included per app permissions for location services, I'd like that taken further to include mic/camera/access to other data like contacts and photos/network access...

Ha. If Apple does start doing the permissions listing, then that will be one more thing that fanatics of Android will say "Look, they copied us again!" about.

[JoeD]

Quote:

Originally Posted by RainingLemur

Ha. If Apple does start doing the permissions listing, then that will be one more thing that fanatics of Android will say "Look, they copied us again!" about.

Let em, a good idea remains a good idea

To be fair, it's not like the idea is a new one, per app (well per file) permissions have existed for a long long time in unix in the form of high level read/write/execute permissions. This would just be a logical extension of that to allow finer grained control of what an app can do. I say logical as the actual implementation would likely follow a very different path.

[boydcarts]

Just to be pedantic, division by zero is considered "undefined", so "X/0" doesn't equal infinity.

[PKFFW]

Quote:

Originally Posted by Andrew H.

But you can't have more freedom and more security...

On a general level that may be true. On an individual level it is incorrect.

If one has the ability to ensure each app installed is completely secure then one can have the freedom to install any app they choose without any increased security risk.

[Razi]

Don't we all love all bad news about Apple products on this site! Interestingly I can't seem to find anything about the vanishing disk space on the new Samsung Galaxy whatever with Android Icecream Sandwich!