Opinion
Apple App Store's security track record unblemished after two years
That suggests that more app stores with stringent guidelines are in our future
By Kenneth van Wyk
July 20, 2010 12:22 PM ET
Computerworld - While the rest of the world focuses on the perceived issues surrounding the iPhone 4's antenna reception, I thought I'd bring us back to something that really matters to iPhone users, namely, the security of Apple's App Store, which just marked its two-year birthday.
In my December 2009 column, I predicted that quite possibly there's an app store in the general computer consumer's future. That statement drew some quite heated opinions from my readers. I welcome intelligent debate, of course, and would like to draw your attention back to the app store in a different light.
Apple's App Store contains over 225,000 applications for the iPhone, the iPod Touch and now the iPad, which have been downloaded over 5 billion times. To date, we've had zero virus or worm incidents in the wild. I say that's a pretty darned successful run so far.
Now, there have been several published reports of vulnerabilities in the iPhone (now called iOS) operating system. There also continue to be mechanisms available for folks to "jail-break" their phones and install non-approved (by Apple) software. Indeed, the jail-breaking and underground app community thrives, by most reasonable measures.
We've even seen a couple of malware incidents that successfully targeted jail-broken iPhones. One involved a worm program that spread from one jail-broken iPhone to another by way of an ssh daemon (network service) that was installed with a default root password. But I argue that doesn't illustrate any weakness in the Apple App Store mechanism�which remains untarnished from the perspective of the security of the apps themselves.
Now, Apple has come under some pretty concerted pressure over its app approval process, perhaps rightly so in at least some of the cases, but the fact remains that we haven't seen a single virus/worm/malware outbreak on the platform.
Windows sysadmins can no doubt well remember malware outbreaks like slammer, sasser. These worms spread with violent effect across vulnerable Windows systems, leaving behind all sorts of disruption in their wakes. Nothing like this has happened on the iPhone and the App Store in two years.
Of course, that doesn't mean that it can't or won't happen, but I do feel strongly that it's a credit to the concept. And with tens of millions of iPhones and iPads in use today, I for one am utterly convinced that the miscreants of the world would have attacked them if they had the opportunity.
Apple reviews every app that gets submitted to the App Store. It publishes certain guidelines that app developers are required to follow. From a security standpoint, perhaps the most important guideline is that apps are prohibited from making use of any unpublished APIs (application program interfaces). That is, they must play by the rules.
Free Insider Guide