Are there protections from malicious iPhone Apps?

[QueHuong]

There are so many apps right now on iTunes and I worry there isn?t enough safeguards against viruses and malware. More likely though are apps that steal your personal info, such as contacts? email addresses and numbers and sends back to their server and resell to spammers.

Have there been such instances of apps so far?
What kind of protections does Apple offer that protects against this?
Is there a way to determine what information an app sends or a way for users to identify malicious apps?

 

[silverpig]

Don't you have to submit your source code to Apple when you submit the app? I know there are some fairly strict guidelines in terms of memory management and such that they require but I am unsure as to whether everything is checked automatically by xcode or there is some more rigorous checking that gets done after submission.

 

[mmntech]

Apple does screen all Apps before they're released to the App Store. I would say the process is about as secure as you can realistically get. Even if one does slip through it probably won't stay available for long. Now if you're using a jailbroken phone, that's an entirely different story. Just exercise the same common sense as you would for downloading programs for your PC.

 

[ViRGE]

Originally posted by: silverpig
Don't you have to submit your source code to Apple when you submit the app? I know there are some fairly strict guidelines in terms of memory management and such that they require but I am unsure as to whether everything is checked automatically by xcode or there is some more rigorous checking that gets done after submission.

Apparently you do not. Developers submit the compiled app.

 

[QueHuong]

I have 2 more similar questions:

1) For those apps that can access your address book, email, etc, is it possible for them to send those private info back to the company? I'm worried about my privacy and my contacts' info being used to be spammed.

2) For those apps that interfaces with web service and requires you to enter in your passwords, are those info encrypted and hidden to the third party app? For example, Fring needs your Skype login, Twitteriffic requires your Twitter login, Beejive requires Yahoo Messenger login, etc.

 

[TheStu]

Originally posted by: QueHuong
I have 2 more similar questions:

1) For those apps that can access your address book, email, etc, is it possible for them to send those private info back to the company? I'm worried about my privacy and my contacts' info being used to be spammed.

2) For those apps that interfaces with web service and requires you to enter in your passwords, are those info encrypted and hidden to the third party app? For example, Fring needs your Skype login, Twitteriffic requires your Twitter login, Beejive requires Yahoo Messenger login, etc.

There is a certain degree of risk involved in all of those things. There is no guarantee that item 1 is not going to happen, but I think that a company has to notify you if they plan on being all nefarious and whatnot with your data.

Item 2... again, there is a certain degree of risk here, but I would imagine that those are all handled using encrypted channels like when you log into various websites.

Back to your initial concerns. I had stated before that there was no publicly acknowledged kill-switch, but I was incorrect. Steve Jobs has stated that with regards to malicious apps that are either virus-y (less likely) or stealy (more likely) there is a universal killswitch that will, in addition to removing the offending app from the store will also wipe it from all devices that have it installed (I do not know if it will do it remotely, or if it will be done on the next sync).

One of the consequences of living in this age of constant connectivity and google (and its ilk) web-apps are the dangers of having too much of your personal data out there, regardless of how much effort you put in. If you want to remain connected with those you know and love, or want to do work from home or anything like that, your data is out there.

I would certainly hope that was a major consideration when Apple was designing the device, and when AT&T was building their data networks.

 

[Nothinman]

The iPhone has no application permissions? On my BlackBerry I can set on a per-application basis whether they can access my phone, USB, bluetooth, GPS, email, files, etc.

 

[zacharace]

As Stu alluded to, I think the problem is less with the iPhone itself (its software and applications) than with external factors (the security of AT&T's network, for example). The App Store is nearly fool-proof-ishly (if that's a word) safe; Apple checks any and all applications submitted to the App Store before approving them. Security on this end, thus, is usually never an issue (unless you have a jailbroken phone...). However, what one should probably be weary of is sending secure information on AT&T's 3G network (and on "foreign" WiFi networks). While not very practical, someone with a packet sniffer and some know-how is both unseen and unsafe...
But overall, I wouldn't be worried.

 

[TheStu]

Originally posted by: Nothinman
The iPhone has no application permissions? On my BlackBerry I can set on a per-application basis whether they can access my phone, USB, bluetooth, GPS, email, files, etc.

Most all apps will ask when you launch them if you want them to use your location, or access the camera that sort of thing. I think that some of them might also get put into your main settings area and you can then set them permanently.

 

[Rottie]

If you are worrying about some apps then sell your iPhone I am not worry about those apps I usually check how many they have downloaded certain apps the higher number of downloads meNs the apps are good or best they are safe to use

 

[JSt0rm]

apple also has something deep in your phone to kill an app that is bad. Apple can trigger this I think without an update but I'm not 100%