Apple Wages Battle To Keep App Store Malware-Free (networkworld.com)
alphadogg writes: Apple is facing growing challenges keeping suspicious mobile applications out of its App Store marketplace. Over the last two months, researchers have found thousands of apps that could have potentially stolen data from iOS devices. Apple has removed some of the affected apps since it was alerted by security companies. But the problems threaten to taint the App Store's years-long reputation as being high quality and malware free.
Ignoring the Elephant in the Room (Score:5, Funny)
Re: (Score:3)
Such Hypocrisy is shared by most large companies. As much as I don't like Apple, they are hardly unique in this. I'd be more worried about their continued human rights violations that they repeatedly claim they've dealt with.
Re:Ignoring the Elephant in the Room (Score:5, Insightful)
The suicide rate at Foxconn is less than an average American High School. Until a US president is brought up on crimes against humanity for NCLB, it seems a bit silly to condemn Apple.
Re: (Score:2, Insightful)
Why is this marked Troll? The human rights violations aren't ever mentioned around here unless Apple is under scrutiny. In fact, the hubbub around here died down after Apple made some changes, only for it to reoccur a couple of years later. Perhaps if it really were about human rights and not about dinging Apple's PR, the heat would have stayed on, other companies would be following suit, and Apple wouldn't feel comfy enough to let it happen again.
Re: (Score:2)
That said, I'm less inclined to go around correcting people when it's brought up in web forums because the general media is biased wildly in Apple's favor. e.g. Did you know one of the main patents in Apple's $1
Re: (Score:2)
Why even spend the time on that when Foxconn produces parts for many manufacturers and not just Apple? I wouldn't mind, but worker safety is a whole different level from PR stemming from a poorly understood patent case. Heck, you could even rake Apple over the coals for letting the violations happen again as recently as this year!
Re: (Score:1)
Apple often goes to great lengths to try to make us believe that they've fixed the problem. I'm not suggesting Apple is better or worse than those other companies, only that it's a more important issue than what goes on in their app store.
Re: (Score:3, Insightful)
No, they have never claimed to have 'fixed' the problem, because it is a problem that is unlikely to be fixed anytime soon in China. What they do claim is that they have taken concrete steps to reduce the likelihood of it happening, both by paying more money for services and by penalties for contract violations [which supposedly include things like workers' hours/conditions/no child labor].
Re: (Score:1)
Do you also find daylight to be amazing?
Re: (Score:2)
Well Apple fanboys making excuses for Apple is as sure as the rising and setting of the sun.
Re: (Score:1)
Heh. The funny part about that statement is that your fixation on Apple is the only reason you have an interest in any 'crappy business practices'. You think about Apple more than the fanboys do.
Re: (Score:1)
I suppose you think people shouldn't complain about things like government corruption because it could be worse in some other place.
No, you have it backwards. The hypocrisy is when we criticize everyone else, yet are no better, not when we criticize ourselves when someone else is worse. Can't you even make a basic analogy?
Re: (Score:1)
And yet you provide no evidence to support your assertion...
Your need to denigrate those who disagree with you betrays the weakness of your argument.
Re: (Score:3)
What's funny is that so many here don't like Apple that they hold it to a higher standard.
Wrong. People don't like Apple because it is not meeting the same standard as others: It pockets more of the money that it makes through slave labor than others do. Therefore, it can better afford to pay people a living wage, and therefore its behavior is actually more repugnant than that of other corporations.
Re: (Score:1)
But let me be the first to say this. The Apple dominance era is (slowly) coming to a close. Okay Arstechnica or whatever tech mag will still print biased reviews of Apple products against say the Nexus 9 by focusing on benchmarks that favor Apple. All the meantime, the screen resolutions of their devices are falling behind, the software (mainly Safari) is falling behind (eg Chrome) and more importantly their critical security exploits being the highest in 2014 than years prior.
I'm not saying their standard
Re: (Score:2)
And as for screen resolutions I don't give a shi
Re: (Score:2)
Re: (Score:1)
It's only a false dichotomy if you posit that there are viable choices other than iOS and Android. Are you suggesting that Blackberry or Microsoft are viable alternatives? Because the marketplace would disagree with you.
Re: (Score:1)
"The suicide rate at Foxconn is less than an average American High School."
Compare it to a GM factory or some other American blue-collared industry and you'll see that for all the "prevention" Foxconn is truly dangerous. Also, I'd like to point out that there's no study on the long term effects of those work conditions, which can't possibly be good when short term they cause so many deaths.
And lastly ... Apple makes hardware and software, nice but no longer extraordinary. It sells a brand, an image, that's
Re: (Score:2)
"The suicide rate at Foxconn is less than an average American High School."
Compare it to a GM factory or some other American blue-collared industry and you'll see that for all the "prevention" Foxconn is truly dangerous.
Nope. Foxconn's suicide is not higher than US general suicide rates. I used those numbers to not get into a debate about how the Foxconn suicide rate is calculated. That and if that rate was so bad, why aren't we doing more in US schools? We aren't, which means we think that rate is acceptable, unless it's happening at Apple, and we hate Apple.
Re: (Score:1)
Re: (Score:1)
Well, there are a LOT of people who really really want to broadcast their every moment via Facebook. So, people are CHOOSING to give up their privacy in exchange for, well, who knows what they get out of it.
You don't have to use the built-in Facebook/Twitter/whatever support or use any of the facebook/twitter/instagram apps from their store, if you don't want to.
And if you don't, I know, this is incredibly hard to believe, but, NONE of your information is sent to Facebook/Twitter/Instagram/whatever.
I don't hav
Re: (Score:2)
They can't really say they are 100% committed to protecting people's privacy when they keep pushing out the facebook app - which is of course dedicated to encouraging people to give up as much of their personal information as possible.
Yeah I know I'm feeding the troll here, but Facebook is not integrated into the OS or even distributed as a default app.
There is a difference between systems that take personal information from you and ones where you willingly give it away.
The Facebook app hasn't touched any of my devices, and now with content blockers in iOS, I won't even be giving them my ad cookies either when I inadvertently visit a site that has their Like button or other trackers.
Re: (Score:2)
ALL GLORY TO HYPNOTOAD
Droid does what iDon't: app apps in an app (Score:2)
Since when can you app apps in an iPad app? I thought only Android could do that [android-ide.com].
Apple Testing ? (Score:2)
Apple doesn't have a QA testing suite/lab for applications ?
Re: Apple Testing ? (Score:2)
Also, until all the apps are rewritten in Swift, any static analysis efforts are fairly easy to bypass. Objective-C is very flexible at runtime - most of the App Store inventory has potential for hosting malware.
Re: (Score:2)
Exactly. Apple is screwed by the original iOS design, in which they assumed the apps were all trusted first party, so didn't bother to put in a robust permissions system to differentiate API calls from trusted vs untrusted sources. Using Objective-C, with its flexible runtime calls based on strings, it's trivial to bypass restrictions and gain access to APIs that you're not supposed to have. That is, calls made to app-facing APIs need to call internal APIs, and there's no way to practically prevent apps
Re: (Score:2)
Using Objective-C, with its flexible runtime calls based on strings, it's trivial to bypass restrictions and gain access to APIs that you're not supposed to have.
You are simplifying too much.
Just because Objective-C is based on message passing does not mean you can bypass anything.
But if you have some examples how to manipulate API calls, that would be interesting.
Re: (Score:2)
Every time I bring up certain apps, I'm asked if I want to let them do X (mostly use my location). It would seem that there is a permissions system there.
Re: (Score:1)
IF they do it's certainly not doing very well is it.
Ahem.
Even if you read the TFS, you will see that they said that there is a "Potential" that some Apps could be "configured" to steal data.
Theoretical Exploit: Not a realized one. BIG difference!
And of course, no explanation of how Apps could be "configured" in said manner.
And if you actually break the rules and at least read SOME of TFA, you will see this most important factoid:
"While the apps were not stealing data, security experts said it would have been trivial for attackers to configure them
If that happens, *iOS is dying (Score:2)
You start by killing the numerous clones of popular apps.
Then Apple would have to kill itself, as iOS is based on FreeBSD, and *BSD is a clone of UNIX.
Good luck with that (Score:1)
Apple Wages Battle To Keep App Store Malware-Free.......and they'll lose.
There are a million malicious programmers versus what, a few dozen app testers and some automated code-checking tools?
Yeah, good luck with that. They'll never keep the App Store free of malware. I'm calling this one right now, Apple will lose.
Re: (Score:2)
They're doing better than the average Slashtard who moans about Apple all day.
Yes, but the day is still young.
They deserve this (Score:1)
Re: (Score:2)
Which is why Windows never had any malware (at least until Vista on, when they tried to make it harder to control the computer), and most Android devices have no malware problem, right?
Walled Garden (Score:2)
There's some other things they should focus on! (Score:3, Insightful)
Before I start, yes I'm an Android guy - but, I do have an iphone and ipad.
How.the.fuck do Apple fans justify that shitty app store? The search is OUTRIGHT BROKEN. It's BROKEN! There's so many fake / spam / SEO'd bullshit apps which come up when you search for something, it's fucking incredible.
It literally doesn't find the app I'm looking for, over 50% of the time.
I mean, I'm cool with tech companies not being perfect but this is the "Ever flawless" Apple who always get things right...? It's fundamentally broken.
I don't even care that the spam exists! so what? But at least fix the algorithm so when I search for "extremely well known app X" it actually returns a result of the "extremely well known app X" I'm looking for.
While I'm railing on them, one more thing* why in all that is !@#%$ing holy, can I not remotely install apps on my iphone / ipad from my PC? Yeah yeah, I'm an Android guy, I mentioned that,...
How can the Google Play store have had this for 3 years+ and third party Android app installers have had it for 5 years. FIVE YEARS.
I'm sitting on my PC for example, reading slashdot, someone says "hey blah blah is a brilliant app on my ipad, it really solved XYZ" I should be able to open a new tab, go to the app store, find the app and click "install to ipad"
It's nearly 2016. How is this fucking missing?
Worst part is, you ask this, even politely and Apple fans will tell you how "wrong you are" for wanting it. (I'm expecting at least a mixed / logical reaction on this site)
Outright crazy, poor design, backwards thinking. These are good features. It's nuts.
* Jesus I wish slashdot was still highly relevant, there might be a minuscule chance of an Apple person actually reading the post and fixing this idiocy.
Re: (Score:1)
There's a setting for
"Automatic updates"
You can enable it for Music, Apps, Books and Updates.
It doesn't work by default if you're not on WiFi - but you can enable it, if you don't have bandwidth limitation.
I didn't know where this setting was, so I searched for "App" in the settings.
Re: (Score:2)
I think you're misunderstanding me or ..... I explained poorly.
I want the ability to REMOTELY install apps to my iPad, sitting on the coffee table downstairs or even on my desk at work while I'm at home, simply by going to the app store website, logging in to my itunes / app store account and clicking 'install' on whatever app.
It should then prompt me, "which Apple device?", of the "Apple devices registered on this account"
This is how it works on the Google Play store, it might even be 4 years, not 3.
Re: (Score:3)
"You have to use iTunes to download an app"
It looks like that because the App Store is not a website and the interface is in iTunes, but downloading to the device does not require connecting the device to the computer with iTunes in any way.
Re: (Score:2)
So, you want the capability to remotely load apps onto your iPad? Are you sure you'll remain the only one with that capability?
You can buy apps from your computer, and then you can sync. Assuming you like to keep some sort of backup, you'll be syncing periodically anyway. What's wrong with that?
Re: (Score:2)
You seem to be diverting the topic to security arguments. If the Apple app store login is secure enough to have my real name, payment info, it's secure enough to distribute applications to my ipad - just how it works on Google Play now.
As for itunes sync style, nope not a chance. That's a very poor system and I don't think anyone uses itunes anymore now that they don't have to. (The cloud backups on iphone / ipad work exceptionally)
Regardless even if I did want to do that, I'd still need the ipad in my
Re: (Score:2)
If you're discussing why you can't, security is the reason. Apple makes considerably different security tradeoffs than Android, and that is one thing to consider when deciding what to get.
Re: (Score:2)
The only part which the App Store cannot do is selecting specific devices. Any enabled device will download the new app and devices not enabled will not download it.
Re: (Score:1)
"While I'm railing on them, one more thing* why in all that is !@#%$ing holy, can I not remotely install apps on my iphone / ipad from my PC?"
I imagine Google's array of patents on remotely installing phone apps probably has something to do with it.
Re: (Score:1)
For anything that you search for there are 200 knock off Chinese apps. They'll never clean up their shit, it keeps feeding to marketing that they have X more apps than anyone else.
And how, pray tell, do you think the Google Play Store makes the same claims?
So...app vetting is and always was BS, then? (Score:2)
>> problems threaten to taint the App Store's years-long reputation as being high quality and malware free
So, we can agree that Apple's application vetting process is and always was bullshit, right?
Re: (Score:2)
Due to their original design and the use of Objective C, yes.
Their screening process consists of scanning code for using "undocumented" system calls that are restricted for Apple's use only.
Obfuscate those system call strings and you have now bypassed the screening process (ala: XcodeGhost)
Too bad they can't stop it, until they move every app to Swift (now you know why they created a new language).
Even if they could crack every system call string alteration an app could do, the app could request the system
Then don't make a damn Turing machine (Score:2)
The way to work around the halting problem is to build a machine that is useful yet less capable than a Turing machine. One example of such a machine is a linear bounded automaton [wikipedia.org], which is a Turing machine that never moves the pointer past the end of the input. An LBA recognizes context-sensitive languages, and it is equivalent in power to a physical computer, which has limited memory. Halting is solved on an LBA, by making a universal LBA twice as long as the original and running two copies of the program
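The comment above is cut off, so the following is an added illustration and not the commenter's own construction: one standard way to decide halting for a machine whose head never leaves its input is to run two copies of the same program, one at double speed, and report a loop when their configurations coincide. The toy instruction set and the sample programs `SCAN` and `FLIP` are constructed for this example.

```python
# Deciding halting on a bounded-tape machine with two copies of the program
# (Floyd cycle detection). Toy machine constructed for illustration only.

def step(prog, cfg):
    """Advance one configuration (pc, head, tape); return None once halted."""
    pc, head, tape = cfg
    if pc >= len(prog):              # running off the program means "halt"
        return None
    op, arg = prog[pc]
    if op == "flip":                 # invert the bit under the head
        tape = tape[:head] + (1 - tape[head],) + tape[head + 1:]
        return (pc + 1, head, tape)
    if op == "right":                # the head is clamped to the input
        return (pc + 1, min(head + 1, len(tape) - 1), tape)
    if op == "left":
        return (pc + 1, max(head - 1, 0), tape)
    if op == "jz":                   # jump to arg when the cell holds 0
        return (arg if tape[head] == 0 else pc + 1, head, tape)
    if op == "jmp":
        return (arg, head, tape)
    raise ValueError(f"unknown op {op!r}")

def halts(prog, tape):
    """True if prog halts on the non-empty tape, False if it loops forever.

    The configuration space is finite and the machine deterministic, so a
    non-halting run must revisit a configuration; the fast copy then laps
    the slow one and the two become equal.
    """
    slow = fast = (0, 0, tuple(tape))
    while True:
        for _ in range(2):           # fast copy takes two steps
            fast = step(prog, fast)
            if fast is None:
                return True
        slow = step(prog, slow)      # slow copy takes one step
        if slow == fast:
            return False

# Scan right for a 1 and halt on it; on an all-zero tape the head sticks
# at the last cell and the program never terminates.
SCAN = [("jz", 2), ("jmp", 4), ("right", None), ("jmp", 0)]
# Flip the same cell forever.
FLIP = [("flip", None), ("jmp", 0)]

if __name__ == "__main__":
    for name, prog, tape in [("SCAN", SCAN, [0, 0, 1]),
                             ("SCAN", SCAN, [0, 0, 0]),
                             ("FLIP", FLIP, [0])]:
        print(name, tape, "halts" if halts(prog, tape) else "loops")
```

The decision is exact only because the tape is bounded; the number of configurations grows exponentially with tape length, so this shows decidability rather than a practical vetting method.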