Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Accountability, Not Code Quality, Makes iOS Safer Than Android

timothy posted more than 2 years ago | from the well-it-isn't-obscurity dept.

Android 210

chicksdaddy writes "Threatpost is reporting on a new study of mobile malware that finds accountability, not superior technology, has kept Apple's iOS ecosystem free of viruses, even as the competing Android platform strains under the weight of repeated malicious code outbreaks. Dan Guido of the firm Trail of Bits and Michael Arpaia of iSEC Partners told attendees at the SOURCE Boston Conference on Thursday about an empirical analysis of existing malicious programs for the Android and iOS platforms which shows that Google is losing the mobile security contest badly — every piece of malicious code the two identified was for the company's Android OS, while Apple's iOS remained free of malware, despite owning 30% of the mobile smartphone market in the U.S. Apple's special sauce? Policies that demand accountability from iOS developers, and stricter controls on what applications can do once they are installed on Apple devices."

cancel ×

210 comments

iOS programmers are superior (-1)

Anonymous Coward | more than 2 years ago | (#39755349)

IOS = Formula 1
Droid = Demolition Derby

Re:iOS programmers are superior (4, Funny)

flyneye (84093) | more than 2 years ago | (#39755631)

Telepathy= Salt flats
C.B. Radio= Nascar
Twitter= lemmings jogging

Re:iOS programmers are superior (1)

Sponge Bath (413667) | more than 2 years ago | (#39756221)

Don't be surprised to see that text show up next to dancing silhouettes on a colorful background in an advertisement.

under the wait? (0, Troll)

Anonymous Coward | more than 2 years ago | (#39755357)

Time is money and I could stand to lose a few pounds

Low bandwidth? (0, Troll)

Anonymous Coward | more than 2 years ago | (#39755361)

"Strains under the wait"?

But the Apple factor? (-1)

Anonymous Coward | more than 2 years ago | (#39755365)

But did they forget the Apple factor? It is probably safe to have a virus every now and then than supporting Apple Inc.

Troll? No.

Re:But the Apple factor? (2, Informative)

flyneye (84093) | more than 2 years ago | (#39755577)

Don't you remember being a lil kid? Anything you want to do is safe as long as you have someone to blame.
Accountablility=safety.
Oh a security breach! It's Norms fault, Fire him!
Problem solved, you're all safe now that Norm isn't coding for us anymore.
For Security, just think different.

Re:But the Apple factor? (5, Insightful)

wvmarle (1070040) | more than 2 years ago | (#39755767)

Being accountable does help keeping people honest. Knowing you will get away with taking a fistful of dollars from the cash register versus knowing that the management will realise that there is money missing from your cash register makes a big difference.

Security is all about layers. Accountability is just one of them, and it is an important one.

"has kept Apple's iOS ecosystem free of viruses" (-1)

Anonymous Coward | more than 2 years ago | (#39755367)

"has kept Apple's iOS ecosystem free of viruses" .... really?! entirely free?

Re:"has kept Apple's iOS ecosystem free of viruses (1)

flyneye (84093) | more than 2 years ago | (#39755585)

Well , I'm certainly not going to pay for it.

Re:"has kept Apple's iOS ecosystem free of viruses (-1, Offtopic)

hot soldering iron (800102) | more than 2 years ago | (#39755865)

I don't know about "free of viruses". They are currently dealing with over 650,000 Macs that are infected with the Flashback Virus. Remember, OSX (and maybe iOS, I'm not that familiar with Apple products) is based in a proprietary *nix, and there have been rootkits for *nix almost since the beginning.

Another point: when you have a walled garden, and you're the gatekeeper, you are ultimately responsible for what gets let in. Of course, you severely limit what gets let in, to reduce your chances of liability. Freedom? Not here.

Still better than Windows, but not nearly as good as the Apple fanbois want to believe.

Re:"has kept Apple's iOS ecosystem free of viruses (3, Informative)

kthreadd (1558445) | more than 2 years ago | (#39755971)

Flashback is a trojan, not a virus. And it only affects OS X, not iOS. If someone knows of an actual virus for iOS (and for OS X too by the way) I'm very interested to know about it.

Re:"has kept Apple's iOS ecosystem free of viruses (0)

hot soldering iron (800102) | more than 2 years ago | (#39756095)

Thanks for the clarification. So, Flashback isn't malware? Or are you just splitting hairs?

Re:"has kept Apple's iOS ecosystem free of viruses (1)

kthreadd (1558445) | more than 2 years ago | (#39756119)

No I just wanted to clarify it since there is a huge difference between a trojan and a virus.

Re:"has kept Apple's iOS ecosystem free of viruses (1)

youn (1516637) | more than 2 years ago | (#39756163)

My thought exactly... it is not necessarily because a platform is currently less plagued that it is more secure and I won't be splitting hairs w/ you... part of the reason is I am not really sure how I would go about splitting hairs anyway :p

You have to be kidding (3, Insightful)

Anonymous Coward | more than 2 years ago | (#39755389)

Since when is the iOS more secure? The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do. This in contrast to an OS that can be rooted by a fucking website.

Re:You have to be kidding (3, Insightful)

ircmaxell (1117387) | more than 2 years ago | (#39755441)

This. Very much this.

This article is pure FUD. Plain and simple.

Malware, by its very definition [us-cert.gov] is:

Malware is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains, without consent.

Android requires that you give consent, since it tells you what permissions the application needs prior to installing it. So by very definition, these data leakages on Android are not malware. The user said it was ok for that application to collect that data.

Re:You have to be kidding (4, Insightful)

Black Parrot (19622) | more than 2 years ago | (#39755695)

This article is pure FUD. Plain and simple.

Can't imagine that a company called "iSEC" would be biased on this matter.

Re:You have to be kidding (2)

youn (1516637) | more than 2 years ago | (#39756183)

iLOL, what makes you think so :p

Re:You have to be kidding (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39755839)

There's a number of things you're missing. Most importantly: practically everyone would consider trojan horses to be malware, or at least an important security issue. Just because the user checked a box somewhere doesn't mean that trojans don't count.
Beyond that, trojan horses are due to their very nature less useful in an environment where accountability is higher. This is definitely the case with Apple/iOS, and has lead to a large number of false positives and censorship by Apple, both of which have been discussed at length here on slashdot.
Thirdly, unlike Android, I haven't seen any major and widely-reported breaches of apple devices, despite widely-available jailbreaking tools. This surprises me quite a bit. According to the iPhone users I've asked about this they claim that the cause is that most jailbreaks these days work through a physical connection (ie. with a computer).

Android may be more secure in capable hands, but the average user is safer in an environment where available software is code-signed and strictly supervised, either by a single entity such as Apple's iOS market or by the community such as the debian repositories.

Re:You have to be kidding (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39755843)

Sure, but if the user is asked for every app whether to share data, the act of sharing data then becomes a standard part of the install. Very technically aware users will make use of this, but for most users it's effectively worthless: it's just another mind-numbingly annoying button you click for the app to run, like EULAs almost no one reads. (Just to be clear, I'm not really arguing about Android vs. iOS, I'm just pointing out the generally low value of relying on users giving consent for an install.)

Re:You have to be kidding (2)

Nemyst (1383049) | more than 2 years ago | (#39756263)

So basically the only way would be protecting users from themselves?

Do you see where that'd be going?

Re:You have to be kidding (2)

multi io (640409) | more than 2 years ago | (#39756047)

Android requires that you give consent, since it tells you what permissions the application needs prior to installing it. So by very definition, these data leakages on Android are not malware. The user said it was ok for that application to collect that data.

Does that mean that there can never be malware on an operating system like Windows which (AFAIK) doesn't have a mechanism for the user to "say that it's ok for an application to collect that data"?

Re:You have to be kidding (2)

yoctology (2622527) | more than 2 years ago | (#39756079)

But consent has to be informed. What are the implications, amount, frequency, and potential commercial exploits of the data you are giving permission to use?

Re:You have to be kidding (1)

AmberBlackCat (829689) | more than 2 years ago | (#39756113)

Android requires that you give consent, since it tells you what permissions the application needs prior to installing it. So by very definition, these data leakages on Android are not malware. The user said it was ok for that application to collect that data.

If all users factor out the apps that require these kinds of permissions, how does the set of Android apps compare to the set of iPhone apps?

Re:You have to be kidding (3, Insightful)

Anonymous Coward | more than 2 years ago | (#39755505)

and what percentage of phones out there have the latest Android release? My Galaxy S2 is still waiting...

Re:You have to be kidding (3, Informative)

cyber-vandal (148830) | more than 2 years ago | (#39755729)

No it isn't, the firmware's been out for a long time now.

Re:You have to be kidding (0)

Anonymous Coward | more than 2 years ago | (#39755899)

My Samsung/T-Mobile Galaxy 4G isn't likely to get ICS ever, unless I switch to a community created image. But, as much as I like running the latest stuff, I'm not sure it matters unless there's something wrong with Gingerbread. I haven't, to my knowledge, had any viruses, and I pay attention when I update apps and they want access to things like my contact list for no good reason. Has my phone been "pwned" and I just don't know it? What is the REAL risk here?

Re:You have to be kidding (1)

kthreadd (1558445) | more than 2 years ago | (#39756003)

What about security updates, are they also delayed for months (or never shipped?) to most Android phones?

Re:You have to be kidding (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39755579)

Could you post the link, please? Seriously. I have an iPhone 3GS which I want to jailbreak to use with another phone carrier, but it has been updated to ios 5.1 and nothing I find (whited00r, redsn0w, tinyumbrella etc) seems to work. The most I've been able to is make the phone boot with a non-working 3G/Wifi radio, which defeats the device being a mobile. Fucking Apple support doesn't want to make it free, and my old operator says it has been freed (my ass).

Please, post the link, it would have saved me a week of failed hacking attempts so far!

Re:You have to be kidding (0)

Anonymous Coward | more than 2 years ago | (#39755969)

Here You go: http://www.google.com

Re:You have to be kidding (0)

Anonymous Coward | more than 2 years ago | (#39756015)

Thanks, moron, I've been using that for a week and it's of no use.

Re:You have to be kidding (0)

Anonymous Coward | more than 2 years ago | (#39756241)

Unfortunately, OP was referring to a website that worked for iOS 4 rather than iOS 5. It exploited a security flaw in the iOS pdf viewer to gain root and jailbreak the device. For you, who who want to unlock your phone's radio in addition to jailbreaking, I'm afraid you're currently out of luck. blog.iphone-dev.org has a tool that will allow you to jailbreak, but if you updated the phone normally, your baseband (the phone software on your phone) doesn't have the exploit ultrasn0w (dev team's unlocking firmware) needs to work properly, and your phone can't be unlocked illegitimately. however, if you're in the states, you can take your phone to a friend with an AT&T contract and they should be able to get it unlocked for you (just did that myself last week, takes a couple of days). Hope that helps.

Re:You have to be kidding (0, Flamebait)

Anonymous Coward | more than 2 years ago | (#39755609)

Well, the main problem Android has is that is made by a bunch of assholes, lead by the major asshole himself: Mr. Andy Rubin. Also, the SDK is a fucking joke. Get a Nokia N900 or N9 if you want the real deal.

--
Sundar Pichai's incompetence costed me my job. Fucking him and his fucking family!

Re:You have to be kidding (0)

Anonymous Coward | more than 2 years ago | (#39755615)

can you disable an applications access to the internet per application, without rooting.

Re:You have to be kidding (0)

Anonymous Coward | more than 2 years ago | (#39755633)

Sure. You only have to turn off wifi and 3g.

Re:You have to be kidding (5, Informative)

mysidia (191772) | more than 2 years ago | (#39755653)

Since when is the iOS more secure? The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do.

The reason there are fewer iOS malware infections has to do with something totally separate from security of the device.

There is a 'more efficient' distribution channel for Android platform malware.

Developing for the Apple platform requires a security certificate from Apple to sign applications, paying money to apple, signing a contract, and approval from Apple and review to be listed on the pap store, which makes the app store a less efficient means of distributing malware than the Android marketplace.

An operating system can be extremely insecure, but if there is no useful distribution channel, or no network connection, it is not likely to be infected.

Re:You have to be kidding (5, Interesting)

chrb (1083577) | more than 2 years ago | (#39755935)

I don't think that is the reason that we hear more about Android malware, although it may be a factor. The barrier to entry of becoming an iOS developer is: buy a Mac (Intel Mac Mini will do), pay $99, sign up on web site. The barrier to entry of becoming an Android developer is: buy a PC (any will do), pay $25, sign up on web site. You could argue that the cost of a Mac Mini is prohibitive, or that hackers are less likely to own a Mac and begin hacking around on iOS in the first place, but for serious malware authors these are not significant barriers.

The real reasons that we hear more about Android malware:

1. Android users can enable installs of apps from non-official markets and random web sites. Many of the reported malware apps come from these kind of sites. But users have to explicitly do this, no phone ships with random web sites enabled as app stores. These same users, having enabled random app sources, then presumably don't bother to check the permissions that the app they install requests.
2. Android allows apps to send premium rate SMS messages and calls without an explicit popup. I personally think Google should probably kill this ability, but then I never call premium rate numbers. Blocking premium rate texts would kill the profit incentive for most malware. If this were an explicit, in your face, permission or setting (like the big warning for data roaming in settings!), then we wouldn't have seen any premium SMS fraud malware.
3. Apple marketing is happy for the media to push the "no iOS malware" angle in the same way that they did successfully with "no OS X viruses". It isn't strictly true, but people believe it anyway, and there is a huge class of users who are willing to pay more for the belief that there will be fewer problems in future. Malware that affects a few thousand people really isn't important in the big scheme of things, but it is something that marketing can use to try and differentiate iPhones in the eye of the consumer from very similar and equally capable Android phones.
4. Apple fans are pushing the "Android is full of malware" meme extensively, even though very few Android users have actually been affected. Is malware an issue that should be dealt with? Yes, but these same Apple fans who argue that Android is "straining under the weight of malware" after a few thousand users have been infected, are also the ones who claim that half a million infected Apple desktops is no big deal.

History has shown that a monoculture is actually more vulnerable to attack. There were some very skilled virus writers back in the 80s who innovated with polymorphic, anti-virus proof code, hidden boot sector infections etc. For whatever reasons, these kinds of hackers moved on to other projects, and what we see now in the virus/malware sector is mainly an industry driven by financial profit motive. iOS has had root exploits, and getting an app on the iPhone app store isn't that hard. Maybe they scan code and do some static analysis to try and spot dodgy functions, but at least one person has gotten malware into the iPhone app store, so it is certainly possible. I really do think that the only reason this hasn't been done is due to the explicit permission that the iPhone requires to send a premium rate SMS. If people ever start doing widespread banking on the Android/iPhone, or Android/iPhone malware ever becomes a populist hobby again (like viruses of the 80s), then I'm sure there will be more. An X-Prize, designed to stimulate malware production on either platform, would almost certainly produce results.

Re:You have to be kidding (5, Interesting)

DavidRawling (864446) | more than 2 years ago | (#39755719)

On the contrary, the user has NO control over app permissions, by default. The app author sets what he/she wants, and the user has the choice of accepting it or finding an alternative. No justification, no ability to say "well I want this useful SSH app but I don't want it reading my contacts, so I'll deny that permission". Yes, there are firewall apps (the permissions are in the OS, why do I need an APP to enforce OS permissions?) and for rooted devices, apps that can tweak permissions. But the default is horribly, terribly broken because most of the power is in the hands of the developers, NOT the users.

Re:You have to be kidding (2)

thegarbz (1787294) | more than 2 years ago | (#39756023)

You would have a point in the case of a killer app, or an only app. In the case of the SSH app, simply pick one of 20 other SSH apps in the market place. Typically for most things you want to do on your mobile there is ample choice available.

The only time this breaks down is when you're forced to use an app for a specific purpose due to popularity. If for instance Draw Something suddenly needed a stupidly unrealistic set of permissions then you'd have something there, but the app would likely drop in ratings quite quickly too.

Re:You have to be kidding (5, Informative)

BasilBrush (643681) | more than 2 years ago | (#39755745)

Since when is the iOS more secure? ...an OS that can be rooted by a fucking website.

If that is your measure, the answer to the question you pose is July 15th 2011. That was when the last version of iOS that could be rooted via a website was replaced.

4.3.3 could be jailbroken via website, 4.3.4 would not.

5.x has been out since Oct 2011.

Personally I'd say a better measure is the amount of malware. And on that measure, Android has always been many times worse than iOS.

Re:You have to be kidding (4, Insightful)

kthreadd (1558445) | more than 2 years ago | (#39756039)

I like Android, but what has kept me away from it is that I have not found an Android phone that consistently gets new updates after they are released for a long period of time. Sure, Apple makes mistakes like this but the important thing is that they shipped an update and basically all affected phones got it even if they were a couple of years old.

Let's say that the same thing happened to Android. How large percentage of Android phones would even get the update at all?

Re:You have to be kidding (4, Informative)

wvmarle (1070040) | more than 2 years ago | (#39755775)

Afaik most Android malware is not from the Play Store, but from third-party Android stores.

And besides Play Store does have accountability: every developer has to register, and pay a small one-off registration fee as form of identification.

Re:You have to be kidding (4, Informative)

jsvk (2579005) | more than 2 years ago | (#39755847)

the exploit you're talking about existed for 1 or 2 minor version numbers, and can no longer be exploited (including by the device owner) due to the OS version(s) no longer being installable without jumping through some hoops (apple's server no longer signs off on the installation). It was a bug in the PDF renderer for safari, for anyone wondering.

Rooting iOS devices remains a hunt for exploits in every version release, and no one's ever sure if and when the next version's exploit will be released. Many 4S/iPad users on iOSv5.1 are have been stuck using a jailed, but perfectly secure device for months now, with no guarantee that the jailbreak will come anytime soon.

Each version makes iOS more and more secure, and there's no guarantee Apple won't eventually release a perfectly secure, jailed OS, and I hope at that point this OS dies off, but that may be asking too much.

Re:You have to be kidding (0)

Anonymous Coward | more than 2 years ago | (#39755883)

The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do.

So the code and permissions are stable and solid

That doesn't help much when even the preinstalled apps demands your position, data and full rights to send them back to google.

Hey, you can't even turn on your own gps sensor without agreeing to that!

So now that all apps usually gets full permissions, how do we stop the malware.

Re:You have to be kidding (2)

gstrickler (920733) | more than 2 years ago | (#39755925)

Since when is the iOS more secure?

Headline says "safer", not "more secure". Safer != more secure. A Windows 95 machine that is not connected to the internet is safer than a Linux web server, but it's certainly not more secure.

BTW, most Android devices have Flash. If Flash isn't current (and even if it it), it's likely your device can be rooted by a website. I haven't heard about targeted attacks on Flash for Android, but Flash for Android has most of the same vulnerabilities as Flash on the desktop.

Re:You have to be kidding (1)

AmberBlackCat (829689) | more than 2 years ago | (#39755943)

Since when is the iOS more secure? The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do. This in contrast to an OS that can be rooted by a fucking website.

None of that matters as long as that version of android doesn't exist on any Android phone sold.

Re:You have to be kidding (1)

shoehornjob (1632387) | more than 2 years ago | (#39756135)

The latest Android has a very stable code and a solid permission system that allows the user to set exactly what an app can or can't do.

Therein lies your problem....the user. Oh and it doesn't hurt that a large portion of the marketplace is crawling with malware. Google does not do a good enough job of policing the apps and end users can't be relied on to secure their machine.

Re:You have to be kidding (4, Insightful)

mkraft (200694) | more than 2 years ago | (#39756201)

I'm not sure why this was modded insightful, let alone +5 since if you read TFA you'd know that they weren't saying that iOS is more secure, only that there are virtually no delivery mechanism for malware because of Apple's app store policies of requiring real world identification of an app author to publish apps in the app store. That and iOS apps are more restricted in what they can do over Android apps.

That's the problem when articles like this hit Slashdot. Rabid fanboys (Apple and Google) start posted without even reading the article. The same thing with modders.

what counts as malware.. (5, Insightful)

gl4ss (559668) | more than 2 years ago | (#39755395)

..and how would they detect it on the ios? they just said that there is _zero_ malware, yet there's plenty of ios games/apps which leak all your contact info?(as is there for android).

(and the accountability part is that it takes a little more checks to get yourself identified as a publisher for itunes appstore.. however.. it doesn't take that much, there is and has been plenty of unauthorized distribution of asian comics etc there)

I haven't identified any iOS malware either, but that could be because I haven't looked for any(just not my field).

Re:what counts as malware.. (4, Informative)

pankkake (877909) | more than 2 years ago | (#39755515)

Malware has been accepted in the Apple App Store, TFA is bullshit.

Re:what counts as malware.. (5, Funny)

wvmarle (1070040) | more than 2 years ago | (#39755793)

No, no, no. Totally wrong. If it's reviewed and accepted for listing in the App Store, then it's not malware. So the App Store is by definition 100% malware free. QED.

Re:what counts as malware.. (3, Insightful)

BasilBrush (643681) | more than 2 years ago | (#39755783)

As a tul of thumb:

Uploading your contact data for the purposes of expected social connections within the app is not malware. It's not the way it should be done, and poses a security risk if the server is compromised. But there is no mal-intent there. Nevertheless such practice is now explicitly banned without asking the users permission via a dialog at the time.

Uploading your contact details to a server for the purposes of mailing lists, tracking outside of the intended application domain would be malware.

The former is what was flagged up for iOS.

Android meanwhile suffers from both, and much, much worse, such as malware sending premium rate SMSs, thus potentially causing users severe financial losses.

Re:what counts as malware.. (5, Insightful)

chrb (1083577) | more than 2 years ago | (#39756025)

..and how would they detect it on the ios?

Good point. The security researchers who identified some of the Android malware visited third party Android app stores and downloaded all of the apps so that they could build up a huge app corpus, which they could then scan (static analysis) for malware suggestive signatures. They stated that they couldn't do the same with the iPhone because Apple prohibits mass downloading of iPhone apps in order to build an iPhone app corpus. So the only people who can look for malware across the whole range of iPhone apps is Apple, and it seems unlikely that they would announce if they found any malware, when they can instead just silently remove it from the app store.

Freedom has it's risks (5, Insightful)

Zico (14255) | more than 2 years ago | (#39755407)

Guess what?! Freedom comes with risks! I don't make any decision until I weigh the pros and cons and do a bit of research, and yes, this includes any and all apps I may want to use.

Re:Freedom has it's risks (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39755457)

Freedom has little risks compared to looking to be "taken care of".

Re:Freedom has it's risks (4, Insightful)

vakuona (788200) | more than 2 years ago | (#39755477)

And that is why the Android model is flawed. Not fatally mind you, but flawed nonetheless.

You can't expect people to have to audit every bit of software that they install on their smartphone. In fact, it ought to be reasonable for users to expect software they download off the official repositories (App Store, Market) to be malware free.

And yes freedom comes with risks. But freedom also allows users to choose a phone that doesn't require them to expend more effort than necessary to be able to do what they require. Don't forget, a smartphone is a luxury, not a necessity.

Re:Freedom has it's risks (2)

marcello_dl (667940) | more than 2 years ago | (#39755575)

> to choose a phone that doesn't require them to expend more effort than necessary to be able to do what they require

Am reading this the day after having to perform a forced itunes upgrade (no not on my boxes of course)

Re:Freedom has it's risks (0)

BasilBrush (643681) | more than 2 years ago | (#39755837)

There's no such thing as a forced iTunes upgrade.

Re:Freedom has it's risks (0)

FireFlie (850716) | more than 2 years ago | (#39756083)

If you want to continue using your phone there is. I upgraded two iphones in my home at one point. Turned out we lost access to our phones because itunes was too old. We had to upgrade our os before we could update itunes just so we could load our music and applications.

Re:Freedom has it's risks (1, Insightful)

BasilBrush (643681) | more than 2 years ago | (#39756231)

You CHOSE to upgrade your iPhones to the latest iOS version, that iOS version wasn't supported by the version of iTunes you had on your computer, so you CHOSE to upgrade iTunes too.

The fact that one software product is only compatible with certain version numbers of another software product doesn't make for a forced upgrade.

Re:Freedom has it's risks (5, Insightful)

squiggleslash (241428) | more than 2 years ago | (#39755647)

If you ever feel like it, buy yourself an Android device (one with Google), and actually try buying some software - or even downloading stuff from a third party website and installing it directly.

You'll notice that "auditing every bit of software (you) install" is ridiculously easy. The installer tells you what rights the app needs when you install it. It's pretty easy to determine that a game does not need to capture your keystrokes, and if a cool tool to change the wall paper needs "access to your Google account" then there's obviously something odd going on.

If an app doesn't ask for a particular right, Android's security model prevents it from doing whatever it was that required the right in the first place.

By comparison, as I understand it, I only have Apple's (and a developer's) word that a particular tool for iOS doesn't contain malware. I'm not going to be told what parts of the system it needs to access, I just get a straight "Do you want the advertised features or not?" choice.

The flaw here is on Apple's side. Both systems require you audit the apps you install. Only Android actually lets you do that.

Re:Freedom has it's risks (5, Insightful)

QuasiSteve (2042606) | more than 2 years ago | (#39755743)

It's pretty easy to determine that a game does not need to capture your keystrokes, and if a cool tool to change the wall paper needs "access to your Google account" then there's obviously something odd going on.

Certainly, but even when setting aside that people ignore this all too easily because they simply want the shiny, your examples are obvious.

What if a chat app wants access to the internet, your contacts, and your phone?
Well the internet makes sense - can't very well expect an app that is intended for chatting to not have that connectivity.

Contacts also makes sense because in combination with the phone, it allows the app to send a text message if you have no internet connectivity or simply choose to use SMS instead of its internet-based chat functionality.

So you install the app, and the app sends all your text for datamining to China, all of your contacts to some company in Bulgaria, and sends a bunch of texts to expensive SMS service numbers.
Oh, and it also lets you chat with people, so as far as you know, it's doing exactly as advertised.

This is no different on any other platform, of course. It may have been different in the early days of the iPhone, but I rather doubt that they still check each and every app before making them available and instead rely on exactly what the article says.. accountability.. you only get away with malware once unless you also manage to fool Apple into allowing you a new account. But to the end-user(s), the damage is already done anyway.

Re:Freedom has it's risks (0)

Anonymous Coward | more than 2 years ago | (#39756035)

Here's the reality: only a unbelievably small subset of people will even look and/or understand/or care about that permissions message. This is a trope that drives me nuts. YOU, poster, need to understand that your tech level != almost everyone else. And aside from that, do you test your water every time you drink it? Do you test your meat every time you buy it? This list can go on forever. Not everyone can have knowledge of everything.

This is the same reason we have governments, FDA, etc etc. It's much easier to have an inherent trust than having to make sure everything you use (be it water or android apps) is safe. Sometimes shit happens, but on the whole, you can see which one works for more people.

Re:Freedom has it's risks (1)

betterunixthanunix (980855) | more than 2 years ago | (#39755799)

Don't forget, a smartphone is a luxury, not a necessity.

This may change over the next few years, if efforts to turn smart phones into payment devices gain enough traction. You might find yourself in a store that is not equipped to handle transactions by any means other than smart phones (or paper money, but for something items paper money is a bit impractical -- do you really want to hand someone a wad of $20 bills when you buy a new matress?).

Re:Freedom has it's risks (1, Insightful)

BasilBrush (643681) | more than 2 years ago | (#39755825)

Guess what?! Freedom comes with risks! I don't make any decision until I weigh the pros and cons and do a bit of research, and yes, this includes any and all apps I may want to use.

That's a pretty high cost. A bit like living in a ghetto, and having to consider your personal safety every time you go out, versus living in a nice, safe, pleasant community.

Accountability (1)

Anonymous Coward | more than 2 years ago | (#39755433)

Who is accountable for using wait instead of weight?

Stats among rooted or jailbroken phones? (1)

poity (465672) | more than 2 years ago | (#39755443)

Would the ability to run unapproved software make the infection rates in both of these subgroups near equal? I wonder how many out of all android device are rooted, and how many out of all ios devices are jailbroken. If a higher ratio of droid phones are rooted, with all else equal, then that could also push up the infection rates.

Re:Stats among rooted or jailbroken phones? (1)

poity (465672) | more than 2 years ago | (#39755493)

Ah sorry I didn't rtfa. They focused on the availability of malware within each marketplace, which is another good measurement, though totally different from what I was thinking. Post rescinded.

Is this Covert Advertising for Apple's Ecosystem? (4, Informative)

dryriver (1010635) | more than 2 years ago | (#39755447)

Last time I checked, there were plenty of reports of malicious iOS apps clandestinely hoovering up your private data/contacts, and sending that bundle to the app's developers, who will use it for Lord-knows-what-nefarious-purpose. With this being the case, how can anyone possibly claim that iOS is "secure & malware free". The malware doesn't have to be a Trojan or Virus. It can also be a nasty little app that secretly sends your private data to a server somewhere that you don't even suspect exists. ----- I don't understand why Apple fans need to maintain a strange belief into the "infallibility" of Apple's ecosystem. Apple is plenty fallible in my humble opinion. And this is just another snide attempt to advertise the "Extra-Special-Specialness" of using Apple products.

Re:Is this Covert Advertising for Apple's Ecosyste (2, Insightful)

Clsid (564627) | more than 2 years ago | (#39755583)

Call it whatever you want, but we just got the first major malware outbreak in OS X recently after so many years. On the iPhone that is unheard of. Much as in the Windows world and the much hated Vista security system that kept asking you, do you want to do this, or allow that?, that security model is fail since regular users will start saying yes to everything and then end up with a problem. Call Apple what it is, an overpriced hardware/software company that likes to keep the lid closed, but as far as their products running trouble free in general, I will have to agree with the article. But hey, everybody is free to think whatever they want.

Re:Is this Covert Advertising for Apple's Ecosyste (1)

wvmarle (1070040) | more than 2 years ago | (#39755827)

And another big difference: Windows/OS-X malware are usually worms that spread themselves over the network (including drive-by downloads). I haven't heard of any such malware with Android or iOS, instead it was always linked to a certain app that contained some "extra functionality".

Re:Is this Covert Advertising for Apple's Ecosyste (3, Interesting)

hot soldering iron (800102) | more than 2 years ago | (#39756057)

I've told people for several years that Apple, Windows, and Linux are for totally different philosophies. Apple seems to be more for the creative content producers, that don't really want to know how the computer works, or play with it, they just want to focus on whatever it is that they want to do. They may pay a premium, and have a severely limited selection, but they are getting what they want. Windows seems to appeal to the largest percentage of the consumer market and industry. It's got everything under the sun available for it, and is fairly well locked down, but with some work you can dig into it and do some limited customizing.

You didn't think I was going to leave out Linux/Android, did you? My personal favorites, but I don't recommend them for everyone. They seem to appeal to the tinkerers and hackers, not afraid to get their fingers burned or let the magic smoke out. Linux does run most of the Internet though, and most smartphones, and a lot of tablets now, and Google and Yahoo! and Ebay, and 9 out of 10 financial institutions, and is embedded in most home routers and god-knows-what-all. Just not most desktops.

Re:Is this Covert Advertising for Apple's Ecosyste (0)

BasilBrush (643681) | more than 2 years ago | (#39755885)

It's only malware if it's doing it for malevolent purposes. If an app is uploading your contacts for the purposes of matching up social graphs within the app to deliver the features the app promises, then that's not malware.

It's poor app design... that is better done by uploading hashes of email addresses rather than actual addresses. But it's not malware.

It's also unacceptable and is against specific App Store rules that now require explicit approval, each time before an app does such a thing. But its still not malware.

What there isn't on iPhone is apps that covertly send premium rate SMS messages. But there is on Android.

Not a complete shock (2)

darkonc (47285) | more than 2 years ago | (#39755453)

Most malware authors prefer anonymity. If we know who you are, you're not going to get much more than one shot at selling malware on our platform.

Time is precious (2, Funny)

Anonymous Coward | more than 2 years ago | (#39755471)

the competing Android platform strains under the wait of repeated malicious code outbreaks

Yeah, it's the waiting that I can't stand.

Apple Fanboi article (2)

Bysshe (1330263) | more than 2 years ago | (#39755479)

For some reason I doubt Boeing would build a super secure phone [theregister.co.uk] on a flawed platform. Neither platform is inherently more secure than the other.

Re:Apple Fanboi article (3, Insightful)

Sponge Bath (413667) | more than 2 years ago | (#39755569)

I would not be so quick to label it Apple Fanboy.

FTA: "despite accounting for <strike>more than 40%</strike> 30% of the same market."

Seems like a jab at falling market share. I think the real motivation behind the article is inflammatory statements to get views.

Begging the question (1)

thePowerOfGrayskull (905905) | more than 2 years ago | (#39755523)

Thursday about an empirical analysis of existing malicious programs for the Android and iOS platforms shows that Google is losing the mobile security contest badly — every piece of malicious code the two identified was for the company's Android OS, while Apple's iOS remained free of malware,.

Wait, what?

An empirical analysis of existing malicious iOS and Android programs (which the article claims do not exist for iOS) shows that no malicious apps exist for iOS.

Begging the question much?

A price I'm willing to pay? (2)

aoty (533561) | more than 2 years ago | (#39755525)

Of course a walled garden is safer than the wild west. I bought into Apple's ecosystem for my phone, because reliability and stability are very important qualities to me for that type of device. And I haven't been disappointed with my choice. Where this approach suffers is with my newly acquired iPad. The iPad is quickly becoming my laptop replacement; I do way more with it than is practical with my phone. I've started to bump my head on the roof of Apple's iOS. The limitations can be irritating. I'd be willing to sacrifice a little safety for more options. Perhaps that will come with time.

Re:A price I'm willing to pay? (2)

cyber-vandal (148830) | more than 2 years ago | (#39755757)

Yeh right because Apple want to lower their profits. You still won't be able to upgrade the storage either (unless you pay a lot of money for the crippled Apple solution or even more money for an 8GB flash add-on).

waiting for a clue (4, Funny)

1u3hr (530656) | more than 2 years ago | (#39755561)

Slashdot: "the competing Android platform strains under the wait of repeated malicious code outbreaks."

From TFA: "the competing Android platform strains under the weight of repeated malicious code outbreaks"

It takes a determined idiot to make a spelling mistake when copying and pasting from a website.

Re:waiting for a clue (2, Informative)

Anonymous Coward | more than 2 years ago | (#39755689)

'Cept that if you read the comments in TFA, the original article had "wait" in it and was corrected.

Re:waiting for a clue (0)

Anonymous Coward | more than 2 years ago | (#39755815)

It takes a determined idiot to make a spelling mistake when copying and pasting from a website.

Me thinks this might just be case of posting to slashnot from an iphone with auto-correct [damnyouautocorrect.com] on!

Re:waiting 4 clue: Better causes (1)

geohump (782273) | more than 2 years ago | (#39755973)

> "under the wait of repeated malicious"
> "under the weight of repeated malicious "
>
> "It takes a determined idiot to make a spelling mistake when copying and pasting from a website."

No, All it takes is someone using a Speech Recognition (SR) system.
"wait" and "weight" are pronounced exactly the same way and so identifying the actual word intended by the speaker is harder for the software. The software converts speech to text so quickly these days that most people cant keep up with it and hence miss the chance to proof read whats been produced. Yes, they could make the time to do so after each utterance, but that destroys the flow of how people use SR so it falls by the wayside.

As the price of NaturallySpeaking (From DragonSystems, now owned by Nuance) has dropped to a very low levels (especially around holidays), many more people are using it (and saving themselves from carpal tunnel problems, and/or being able to type a lot faster. 100+ wpm ). Add to that the inclusion of Microsoft's Speech Recognition with Windows, and you have a situation where you are going to have tons of these "speako"s . (Speako is the term which SR users created to label situations where the SR software has generated the wrong text in response to an utterance.)

So something in ewe may want to criticize other peoples work on Slashdot. Eye believe that comes from the lesser part in ewe and ewe should ignore that impulse. It only adds to the noise and generates no extra value or information.

If ewe want to attack this problem, I suggest ewe work on redesigning English as its inconsistencies and lack of word uniqueness are the core of the problem. A long time ago Germany actually past sum loss two fix sum of the tissues with the German language and those changes were successful. The English speaking population of the world could make changes that wood (OK, I'll stop doing that now :-) improve the usability of English. First and foremost would be to normalize spelling around the phonetics of words. Now that we have speech recognizing computers, phonetic drift will slow down and may even stop, just as spelling drift (mostly) stopped when enough of the people in a given population learned to read and write. So a fixed phonetic spelling could become stable and (mostly) unchanging.

Item number two would be simplifying and standardizing punctuation. Each punctuation symbol should have only 1 use, and the use should be a standard and formal one. Example an apostrophe should only be used to show ownership. Contractions dont need an apostrophe so they are simply dropped from cant, dont, its, wont etc.. (So how did "will not" become the contraction "won't" anyway? Thats not a contraction. If it were a contraction it would be "wil'nt" or "willn't". )

Then consider the problem of words that sound the same but have different meanings. These have to be fixed. examples: read, reed, and to two and too. And red and read.

Then there are words that are spelled the same and sound different, examples read and read: "I will read the book." "I have read the book." etc.. Also normalizing verbs. Add "ed" to all verbs for past tense: climbing - climbed is the standard pattern so how about: reading - readed, sleeping - sleeped, sweeping - sweeped, etc..

OK, Thats the basic idea. Go tuit. :)
Sincerely yours,
George Humphrey, founder of the Society for Apostrophe Conservation Solutions. ( SAPS ).

(send any corrections to 1uehr, 'cause I dont char. :) )

This just in (4, Insightful)

GameboyRMH (1153867) | more than 2 years ago | (#39755571)

Crushing authoritarianism leads to lower crime, worth the misery? Film at 11.

Re:This just in (3, Informative)

Lehk228 (705449) | more than 2 years ago | (#39755617)

There already is a secure and fairly libertarian phone out there, blackberry. You can only load signed RIM OS's however you can loa any signed RIM image compatable with your phone, there are betas in the wild to play with, and you can install apps from the browser or the PC software that comes with it. You also have a detailed list of what you will and will not allow. You can allow wifi and bluetooth but block mobile, you can allow SD card but block email and contacts

Re:This just in (1)

Microlith (54737) | more than 2 years ago | (#39756287)

fairly libertarian

You can only load signed RIM OS's

That's pretty authoritarian for a "libertarian" platform.

Re:This just in (2)

BasilBrush (643681) | more than 2 years ago | (#39755903)

Reality check: it's a phone, not your life.

Ooops!!! (1)

Anonymous Coward | more than 2 years ago | (#39755611)

"We looked for iOS malware, but there is none to collect," he said. "It's amazing that there's just none out there."
Ooops! They forgot about FinFisher, the publicly available targeted rootkit for iOS:

http://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/

Ridiculous (0)

Anonymous Coward | more than 2 years ago | (#39755645)

Why do they always make it sound like it's completely saturated the play store and other things like that? It is not true at all, if you install apps from some alternative market or some chinese website where you're trying to get some $2 app for free, then you DESERVE a virus for even attempting to use those stupid sites. Get a clue and a life and stop wasting our time with these stupid articles. This is all common sense as far as I'm concerned. If you don't know how to drive, don't get behind the wheel of a car. If you aren't smarter than an electronic device you're using, go read a book.

Fanboid rage...activate! (1)

Anonymous Coward | more than 2 years ago | (#39755733)

This should be good...

SEE? (0)

idbeholda (2405958) | more than 2 years ago | (#39755821)

This is proof that Flashback is nothing more than an exercise in fantasy. How dare these security companies speak ill of Steve Job's creations!

Re:SEE? (1)

kthreadd (1558445) | more than 2 years ago | (#39756087)

Flashback targets Java for OS X, not iOS.

Android vs iOS (0)

Anonymous Coward | more than 2 years ago | (#39755895)

âoeAny society that would give up a little liberty to gain a little security will deserve neither and lose both.â

Down with Apple's model of controlling everything, it's toxic and evil.

On the other hand, Apple hadrware sucks.... (0)

gweihir (88907) | more than 2 years ago | (#39756005)

And I doubt that the security advantage will keep after all. Give it a bit more time and iOS will be just as virus plagued as Android is. That is to say, not at all for the careful user that realizes these devices are full computers with permanent network connections. I highy doubt iOS is fundamentally more secure than Android, I believe malware authors just need a bit more time, as attacking iOS is harder (but not really hard) and the whole smart-phone ecosystem is pretty new.

we get back to the misplaced notion of money = tru (1)

davydagger (2566757) | more than 2 years ago | (#39756161)

This article is full of shit, there HAVE been malware on iOS, its been reported here before. Macs also crash too. Its just suspense of disbelief. Mac users are so stuck up and bough so far into the cult they cannot admit failure.

Then we get back to the concept we have as a society that money == automatic quality. We have this misplaced notion that paying money to a strict central authority makes something either better or more secure.

Re:we get back to the misplaced notion of money = (0)

Anonymous Coward | more than 2 years ago | (#39756235)

You touched the important thing here. There HAVE been malware on iOS. The difference toward Android is that Apple actually takes responsibility and ships updates to fix these issues. Google, the handset manufacturers and the carriers all blame each other with the result that an Android phone in general does not receive patches at all, ever.

Oh, but you can always root your device and trust some dude called Cyanogen to have the same thing on Android. Exactly the same thing.

You can configure individual permissions (0)

Anonymous Coward | more than 2 years ago | (#39756207)

I have no problems with my Android and feel fairly safe. It is true that by default you cannot define which permissions to allow, the OS still doesn't have that option (4.0.3) but it can easily be solved if you have even a bit of knowledge.

I use LBE Security, an app that allows you to configure which permissions an application can use. You can for instance allow a wallpaper to use your GPS to determine location for weather reports, and network, but deny its permissions to read SMS and access contacts. And that's if you REALLY wanted to use it, because otherwise just reading the permissions list would show you that some would not make sense.

These days more and more developers are careful about not using permissions they dont need, because Android users give them some flak for that.

Another must have tool is DroidWall, just start with a Deny All and configure your iptables rules when an app needs Wifi or 3G access, so you get fairly decent firewalling.

Rampant Fanboyism (3, Informative)

Thumper_SVX (239525) | more than 2 years ago | (#39756251)

Wow... the last time I saw such rampant fanboyism is when I badmouthed the original iPad here on Slashdot on the day of release. Of course, every one of my comments was completely on the mark... and this from someone who still has an original iPad that gets used when I take business trips and almost no other time in my life. But I digress.

Seriously? I had to do a doubletake when I read the summary, and had to take a few more when I read the article. I have run an Android phone for over a year now and I am seriously happy with it. It's not failing under the "crushing weight of viruses" any more than my aging but still useful iPhone 3GS is (I use it as an iPod because I bought into the iTunes ecosystem years ago and it happens to integrate beautifully with my car). I install apps on both depending on my utilization and needs, and neither has been unduly burdened with malware. Of course, my Android phone actually tells me what an application wants to do while I install it, thus providing the knowledgeable user some modicum of security. And yes, every app I install I read those and make a decision whether the app is asking for appropriate rights or not. And yes, I've refused some apps because of it. Of course, I AM a knowledgeable user and that kind of security doesn't help Joe Schmoe with his free smartphone with a 2 year contract and no lube... but one of the central tenets of security is that people are the weakest link in any security chain and that will never change.

So far I've found my only complaint with Android is that it fails under the crushing weight of battery technology that can't cash the check the manufacturers of the device wrote. But at least with Android I can have a second battery hanging around that I can swap in at any time... can't do that with an iPhone unless you're a really determined hardware hacker. Yes, I can improve it slightly by turning off all my antennae but then I am running a dumb phone with games on it... I have a smartphone so it can be connected anywhere at any time. Of course, many of the apps I install probably don't help... but that's a choice I make. Because the charging port is completely standard I just took my charger and left it at work; I use my Kindle's charger at home to keep my phone charged at night because really... how often do I need my Kindle?

As a past and current iOS user (sometimes), AND an Android user I find the article FUD. Actually, can I mod it trollbait?

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...