Security Nightmare in the iPhone App Gold Rush
Just how safe is it to download and use, say, an application that can access an Amazon account and make purchases with one click? (Gulp!)
Give up? Its mobile applicationsprimarily on Apples iPhone/Touch, but also rapidly coming along on other platforms.
No, user-installable applications arent anything new on small mobile devices. Weve seen them for years: Newton, Palm, Blackberry, and others. But leave it to Apple to find the right special sauce to make them wildly popular.
I just heard about an iPhone application that simulates a fart noise, where the developer has made some $40,000 in just a couple months. Even if that number is exaggerated, it still represents a gold rush sort of phenomenon.
Is anyone else concerned about the security of this new gold rush? Just how safe is it to download and use, say, an application that can access my Amazon account and make purchases with one click? (Gulp!)
Ill venture this: even if the consumers of these apps are blissfully unconcerned by the security perils they face, there are plenty of otherssome good, some notwho are taking a much closer look at the underpinnings of this gold rush, looking for opportunities of their own. Im in the process of exploring that question in some more technical detail myself (more on that later).
For now, lets take a quick look at some of the basic architectural issues that are in play with the advent and wild popularity of todays mobile application environment.
The first wave of applications weve seen on the iPhone/Touch have been in a few different general categories. Stand-alone apps and games are one big categorybasically, apps that require no special network connectivity in order to be able to run effectively.
We also have networked apps that simply acquire and display data from network sourcesthink news headlines, weather reports, and that sort of thing. Then there are full-blown network apps that require authentication via user login credentials, and access the users account information on a server somewherethink Amazon, Facebook, and the Apple application store itself. Most of the networked applications weve seen to date are basically mobile desktop versions of their web-based counterparts.
Now, each of these applications carry with them some degree of risk. Ive mentioned here previously that (at least early versions of) iPhone firmware run all user applications with root privileges. Thus, even a standalone app can potentially do some harm on the host device.
But its not just as simple as downloading some malware and running it on the device, right? After all, theres the Apple application store that does some screening of the applications before theyre accepted in the app store. Doesnt that buy us some security?
Well, it does and it doesnt. The good news is that the applications must be signed by the person who generated them, and its a relatively closed community. The bad news is that signing applications only tells us so much. Notwithstanding the recent attacks against MD5 certificates used by SSL and others, signed applications give us a pretty good indication of who wrote the application. Further, the folks at Apple review applications, but my bet is that the reviews consist of verifying policies, and not so much checking the security of each application.
I wouldnt expect, for example, that Apples review process would ensure a client/server application uses a sound identification and authentication scheme that encrypts the users credentials while theyre in transit and while theyre at rest on the server side. I wouldnt expect the review process checks anything at all on the server side, for that matter.
My main point here is that its a rapidly changing dynamic environment, and we dont fully understand all the ramifications of that yet. Clearly, time will illuminate the issues more clearly. For now, I sure hope the application developers arent consumed by a gold rush mentality and that theyre practicing safe development methods to ensure all the good stuffsolid authentication, encryption of sensitive data, input validation, etc.are being thoroughly addressed in the code they release into the wild.
Its very much a gold rush, and a major mistake would do a great deal of harm to us all. The fact that the applications themselves are generating such interest and revenue, even in our troubled economic climate, is a wonderful thing to see unfold. Lets not ruin it by making stupid mistakes, please!