Apple Makes Case Against App Sideloading by Comparing iPhone Security to Android Malware Stats
Friday, October 22, 2021
Apple’s white paper argument for iPhone security practices does not really address the fact that the App Store (and its vetting process) would continue to be available in any of these scenarios. Some contend that Apple restricts “power users” and those more technologically sophisticated in the name of protecting its most naive demographic of device owners, giving neither group a free hand in using hardware that they own (and likely paid a premium for).
Ilia Kolochenko, Founder/CEO and Chief Architect of ImmuniWeb, observes that this approach does cut down on malware exploitation of more vulnerable users but can never entirely eliminate it: “Security by obscurity is one of the main pillars of Apple’s mobile security model that actually works pretty well compared to Android. By keeping its source code private and by preserving its mobile ecosystem closed for any third parties, Apple indeed prevents countless mobile attacks. Actually, full control over hardware, OS and application layers of iOS devices greatly simplifies security compared to a convoluted patchwork of Android security, especially for devices running older versions of Android … Nonetheless, virtually every month a new critical vulnerability is discovered in iOS that allows remote code execution, sometimes even without interaction with the victim. Some malicious iOS apps also manage to bypass Apple Store’s multilayered controls and get installed by unwitting users. The chances to get a malicious app on your iOS device are, however, significantly less compared to an Android device. That being said, even if security by obscuring is clearly not a panacea, opening Apple’s ecosystem to third parties will, undoubtedly, bring a tenfold increase in malware targeting iOS devices and undermine Apple’s security model.” Read Full Article
ValueWalk: Crypto Fraud Costs More Than $200 Million This Year, U.K. Police Say
CPO Magazine: 10,000 “High Risk” Targets of Nation-State Hacking Groups Get USB Security Keys From Google