Last week, the mobile security community confirmed that an iOS app available in Apple’s App Store was found to contain an embedded Trojan horse. Although the app in question isn’t thought to pose a nefarious hazard, the real concern is that a potential malware threat worked its way past Apple’s supposedly exhaustive review process.
Despite the indisputable reality that malware is more commonplace on Android than iOS, the unfortunate App Store discovery could foreshadow the start of bigger security concerns for iOS.
On Monday, app developer Devon Jordan spoke exclusively with Examiner and expressed his view that Apple’s “arrogance” has been taken as a direct challenge to malware writers.
“At times, Apple and its executives have almost taunted Android for being more vulnerable to malware, all while presenting itself as a fortress free of infection,” Jordane says. “That is an open invitation for the bad guys to try harder.”
According to Jordane, the media’s excessive coverage of malware in the App Store will only inspire bigger, more widespread targeting by malware creators.
“Look at how the media reacted to one harmless app,” Jordane says. “Some were calling it an iOS malware meltdown. Is that an exaggeration, perhaps? Yes, definitely. But Apple has only asked for these problems by appearing to be so far above them.”
“If Apple tested the app by running it in a sandbox and watching the app’s activities, that would be more effective than scanning MP3s for malware strings,” security expert Rich Mogull tells MacWorld, noting that it remains unclear how Apple actually tests apps during the approval process. “Thus, we don’t know for sure if [any Apple malware-scanning] process worked or not. A malware link that never runs isn’t a threat, and there are very legitimate ways of testing that won’t find something like this if it isn’t a valid exploit.”
In recent months, prominent names in the Android ecosystem – from Google itself to Android ad network Airpush – have received praise for their efforts to curb the proliferation of malware.
“The threat of mobile malware is damaging to all players in the ecosystem, and mobile ad networks are uniquely positioned to combat the threat,” says Asher Delug, CEO of Airpush, the second largest ad network for Android.
Last fall, Airpush integrated Appthority’s mobile security technology directly into its platform and now scans all advertiser app promotions and URLs as “an additional layer of protection to our manual approval process.”
The big question today is what will Apple do to ensure that last week’s malware discovery doesn’t represent the wave of the future? If Apple isn’t fully prepared to thwart an anticipated malware onslaught by implementing the tools and techniques that Android’s top players are using to restrain the spread of malware, iOS could quickly lose its reputation as the “safest” mobile operating system.
Regardless of the anti-malware efforts underway in the worlds of iOS and Android, mobile consumers are strongly encouraged to do their part to mitigate the threat of exposure and infection.
“Consumers need to step up their game, too,” says Jason Ankeny of Fierce Mobile Content. “Caution and common sense are perhaps the most effective weapons for halting malware outbreaks, but Consumer Reports’ Annual State of the Net survey suggests that 39 percent of U.S. adult smartphone owners fail to take even minimal security measures. More than 1.6 million Americans have been fooled into installing what appeared to be a popular, brand-name app but was actually a malicious imposter–another 69 percent of smartphone users haven’t backed up their data, including photos and contacts, and just 22 percent have installed software that could help locate their device in the event it’s lost or stolen.