News
Rogue apps could affect non-jailbroken iPhones
By Jesse Hollington
Applications Editor, iLounge
Published: Friday, December 4, 2009
News Category: iPhone
A Swiss iPhone developer has published research that indicates that security vulnerabilities affecting the iPhone are not limited to jailbroken iPhones. Developer Nicholas Seriot has created a proof of concept app called SpyPhone as a demonstration of how Apple’s own APIs could be misused to read or edit a user’s address book or gain access to a user’s web surfing history or recent location information. For such attacks to succeed, a malicious application would still need to get past Apple’s App Store approval process to be available for non-jailbroken iPhones, however this is not outside of the realm of possibility as such an app would not require the use of any exploits or third-party APIs, and the spyware portion could be hidden by delayed activation or an encrypted payload.
The security researcher detailed these potential iPhone privacy risks in a talk he delivered in Geneva on Wednesday, during which he also outlined possible defense strategies, suggesting that Apple should design the iPhone OS to require users to authorize read or read-write access by iPhone applications to potentially sensitive on-device information such as the Address Book, add firewall functionality to the device and ensure the keyboard cache is not as readily available to third-party applications. (via The Register).
Related Stories
- Apple airs new Siri-focused iPhone 4S ads
- Apple asks European standards body to set Frand rules
- iPhone accounts for 40% of new Sprint customers in Q4 2011
- Key iPhone, iPod executive left Apple last year
- Motorola sought lucrative royalty on iPhone, iPad sales
- AT&T explains ‘unlimited data’ user throttling, blames users?
Comments
If you have a comment, news tip, advertising inquiry, or coverage request, a question about iPods/iPhones/iPad or accessories, or if you sell or market iPod/iPhone/iPad products or services, read iLounge's Comments + Questions policies before posting, and fully identify yourself if you do. We will delete comments containing advertising, astroturfing, trolling, personal attacks, offensive language, or other objectionable content, then ban and/or publicly identify violators.
Recent News
- iLounge Weekly coming early Monday, giveaway reminder
- iBackFlip launches Somersault case for iPad
- Motorola loses third patent case against Apple in Germany
- Apple rushing to pick demo apps for next iPad launch
- Apple airs new Siri-focused iPhone 4S ads
- Periscope Audio Lab releases SpaceSampler
- Evernote Hello improves contact entry features
- eMailGanizer Pro adds Universal Inbox, Smart Folders
- Scosche rolls out bassDock for iPad
- German court rejects Apple bid to ban Galaxy 10.1N
Recent Reviews
- Cygnett Apollo for iPhone 4/4S
- Case-Mate Pop! ID for iPhone 4/4S
- Case-Mate Pop! for iPhone 4/4S
- Case-Mate Pop! With Stand for iPhone 4/4S
- Solid Line Products RightShift 2 Removable Keyboard Case for iPad 2
- Spigen SGP Kuel F60Q Battery Pack
- Just Mobile Highway + Highway Pro for iPod, iPhone + iPad
- Speck CandyShell and CandyShell Satin for iPhone 4/4S
- Jensen JiPS-310i Docking Speaker for iPod, iPhone & iPad
- FrappeDesign Smart Sleeve for iPad 2
Recent Articles
- iOS Gems: Adventures of Tintin, Reckless Racing 2 + Scramble With Friends
- Ask iLounge 2-3-12
- Making The Case For - And Against - An Apple iTV Television
- Instant Expert: iTunes U for iPad, iPhone and iPod touch
- Instant Expert: Secrets & Features of iBooks 2.0
- iLounge’s 2012 CES Best of Show Awards: Honorable Mentions
- iLounge’s 2012 CES Best of Show Awards: iPod, iPhone, iPad + Mac
- iOS Gems: Bug Princess, Dora Hops Into Phonics, It’s A Small World, Sleepy Jack + X Is For X-Ray
- The Complete Guide to Managing iTunes Videos
- Editorial: As CES Grows, Will Microsoft’s Loss Be Apple’s Gain?
1
Authorisation of access to Photos and Contacts sounds pretty unobtrusive, as long as it doesn’t end up being something similar to Windows UAC.
It’s unpleasant when I have to authorise an App for Location Services, but authorising it for Photo and Contact services too may tip over the edge. It’s still preferable to the alternative though.
The iPhone is still more secure than the iPhone+Jailbreaking.
Posted by Dan Woods on December 4, 2009 at 12:47 PM (PDT)
2
If such an app was to get through the app store approval process then Apple still have a kill switch that and remove such programs. Therefore this is a bit of a non issue.
Posted by Chuck on December 4, 2009 at 2:07 PM (PDT)