How Apple is Improving Mobile App Security
While hackers and security researchers continue to prod at iOS in an attempt to evade its security framework, the security behind the operating systems continues to evolve. The only question that comes up in everyone’s mind is “Why?”
According to ABI Search, the mobile app market values at $27 billion in 2013. When the market gets this huge and promising it automatically gets necessary to give utmost importance to security measures.
Security researchers at Georgia Tech were able to create a “novel method of attack” that can defeat the mandatory software review and code-signing mechanisms defending apps in the Apple App Store. The title of the app was Jekyll.
So the question is how does apple stack-up against all these insecurities? The answer is simple, follow the guidelines Apple has offered and only install the applications that are available on the store (i.e. no third party software should be installed on the device)
Latest Version of iOS:
iOS users should always make sure they are running the latest version of iOS, which contains the latest security patches to always back up their apps and data with iTunes. This backup ensures that in case that some malware app is downloaded; the device can be wiped and restored with data intact. Symantec’s security threat report said that only a single threat against iOS was detected. That’s because we know that iOS is much more stronger and specifically targeted due to its early entry in the market.
The walled Garden philosophy that tells us that the applications can be approved directly rather than having a direct agreement with the user. Once the application has entered the garden there is no going back. Some fans consider this as limiting the problem whereas rest consider this as a contribution to the problem by closing the door once the app has entered the app world. But Apple devices still provides us some important safety features like:
- Sophisticated Memory Protection
- Digitally signed code requirement
Sand Box Prevention:
Third and the most interesting part is that iOS provides a software-based kick in. All apple products are allowed to read and write files only inside a virtual “sandbox”. This sand box prevents a wicked app that has managed to slip through the review process from tapping data that belongs to the user without the user’s knowledge.
It is hard for a hacker to evade the security model – Unless the user is operating on a jail-broken device!
iOS visibly separates the areas of memory that are dedicated to code from those that are only supposed to comprehend data. This prevents the app from downloading unwanted codes, prevents it from bypassing the review process and unleashing any sort of problem.
Making a hackers life impossible!
Here is the dirty little secret.
- While sandbox prevents apps from accessing the user’s data, it does not necessarily stop the third party from accessing information that, under the appropriate circumstances, would be available to third-party software e.g. like the user’s contacts or photo albums.
- An app that manages to evade Apple’s analysis tools will potentially be able to access everything from your messages to those pictures you really wanted to keep private.
As far as “we”, the customers are concerned, the apps that we use daily will still ask you to access your pictures, location, albums or contacts, just like before. Behind the scene a whole new layer of app security will prevent hacker’s progressively refining attacks of wrecking our personal information.