Apple will update iOS to require user permission for apps to access contact data


Comments

  • Reply 41 of 92
    Quote:
    Originally Posted by Ricochet View Post


    "For its part, Path issued an apology and gave users the option to opt out,…"



    The classy way to do it would be on an "opt in" basis.



    Actually Path did exactly that but it was reported incorrectly by a blog and then every tech blog copied that blog ...



    That's part of the trouble with so-called "tech journalism" today. They all feed on each other and rarely does anyone make a simple phone call to the source to check the facts out.



    Path announced they were wiping all previously uploaded data and that the new app version would then ask people if they wanted to "opt in" on the sharing, but it's been reported as the opposite ever since, for the reasons stated above.
  • Reply 42 of 92
    solipsismx Posts: 19,566 member
    Quote:
    Originally Posted by Curmudgeon View Post


    It's a shame that you're demanding Apple treat all of their developers as criminals. Because some act poorly, Apple should punish everybody. What you want is developers with ethics. Perhaps they're rare now.



    I lock my car and take the keys with me when I leave it sitting. I certainly don't think that everyone will try to open the door and steal it and know perfectly well that you can break a window instantly. That doesn't mean I don't take this precaution to prevent a crime of opportunity from occurring. I am being as proactive about the security as I can be within reason.
  • Reply 43 of 92
    solipsismx Posts: 19,566 member
    Quote:
    Originally Posted by mstone View Post


    Sounds like Vista for iOS



    Android is too convoluted, Vista was too numerous, and iOS simply isn't enough to be useful.
  • Reply 44 of 92
    Quote:
    Originally Posted by Curmudgeon View Post


    It's a shame that you're demanding Apple treat all of their developers as criminals. Because some act poorly, Apple should punish everybody. What you want is developers with ethics. Perhaps they're rare now.



    I agree with SolipsismX here.



    Ignorance can't be bliss. It's not about wanting developers with ethics, it's about not having to worry about the issue at all, and wondering if Apple did their diligence in vetting an app.
  • Reply 45 of 92
    when will this iOS update come out ....and......bring with it the battery improvement???? thx Ap
  • Reply 46 of 92
    Quote:
    Originally Posted by Curmudgeon View Post


    I'm not a developer, so I have no first hand knowledge of Apple's app approval process. And as a lazy bum, I've not tried to find any second hand knowledge either.



    So, perhaps someone more industrious can help me out. Exactly what is included in Apple's app approval process? Do developers actually submit source code with their apps? Does Apple actually review that code? How would they determine what Path was doing?





    You only submit the completed work, so Apple does not have code.



    But that isn't as damning as it sounds. You are calling Apple APIs when you write on iOS and iOS is locked down pretty tight. They could easily determine 1) what you are accessing and 2) if you send it somewhere.

    I am sure it isn't perfect though. Nothing ever is.
  • Reply 47 of 92
    Quote:
    Originally Posted by Curmudgeon View Post


    I'm not a developer, so I have no first hand knowledge of Apple's app approval process. And as a lazy bum, I've not tried to find any second hand knowledge either.



    So, perhaps someone more industrious can help me out. Exactly what is included in Apple's app approval process? Do developers actually submit source code with their apps? Does Apple actually review that code? How would they determine what Path was doing?



    Developers do not submit source code. Apple does not review any source code. You submit a binary along with any resources like images in a single package file.



    Apple has no way of knowing 100% what an app will do once it's live. There are multiple cases of developers submitting apps that deviated from their advertised functionality later. The flashlight app that had an easter egg that let it become a wifi proxy comes to mind. Apple took the app down as soon as they learned about it, but that shows there's a limitation to what can be verified during the review process.



    Apple does have a binary scanner that finds things like unauthorized use of APIs. In theory, they could scan for calls to the address book and reject if the app has no good reason to access those features. But even a binary scanner is very limited in what it can find.
  • Reply 48 of 92
    Quote:
    Originally Posted by Gatorguy View Post


    A quarter of them? I can't imagine what the other 21 would be.



    I see these listed:

    ~Services that cost you Money (that's a good one to know about, don't you think?)

    ~Storage - You already showed this one

    ~Your Personal Information - You showed that one too, and Apple agrees with getting your permission

    ~Phone call - Yup, that's in your screenshot

    ~Location - Another I think you should know about, and so does Apple

    ~Network Communication - In your screenshot and something you better know about.

    ~System tools - Again in your list

    ~Hardware controls - Not of much use IMO, unless you're worried why a kid's game wants to turn on the camera.

    ~Your Accounts ~ Another permission that's not really useful IMO.



    Let's see. I count 9



    There is a subset of permissions under each of those major sections (i.e. services can include "phone calls" or "sms/mms" as two separate permissions). I believe that is where the higher number comes from.
  • Reply 49 of 92
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by techguy911 View Post


    Developers do not submit source code. Apple does not review any source code. You submit a binary along with any resources like images in a single package file.



    Apple has no way of knowing 100% what an app will do once it's live. There are multiple cases of developers submitting apps that deviated from their advertised functionality later. The flashlight app that had an easter egg that let it become a wifi proxy comes to mind. Apple took the app down as soon as they learned about it, but that shows there's a limitation to what can be verified during the review process.



    Apple does have a binary scanner that finds things like unauthorized use of APIs. In theory, they could scan for calls to the address book and reject if the app has no good reason to access those features. But even a binary scanner is very limited in what it can find.



    If a developer wanted to hide some nasty stuff it is easy to do by simply putting a date limitation if statement so the function does not activate until a date after when Apple is likely to be reviewing the app. Once the app goes live it wouldn't be very long before the community will discover the hidden functionality and they get the boot. So there is only a very small window of opportunity in which they can take advantage of unsuspecting users.



    Not a lot of upside to trying anything shady.
  • Reply 50 of 92
    solipsismx Posts: 19,566 member
    Quote:
    Originally Posted by sexualintellectual View Post


    There is a subset of permissions under each of those major sections (i.e. services can include "phone calls" or "sms/mms" as two separate permissions). I believe that is where the higher number comes from.



    This site lists 22 of them, but it's from 2010. I assume they have added more since then. The only one I can see that isn't really something I need to be warned about ahead of time is the Control Vibrator of the device.
  • Reply 51 of 92
    Quote:
    Originally Posted by AppleInsider View Post


    Apple on Wednesday announced a future update to iOS will restrict App Store software from accessing a user's address book without their permission.




    Good for Apple!



    Now THAT is the way to handle problems!
  • Reply 52 of 92
    iPhone is more likely to run into the same sorts of security issues that Windows had due to popularity. It is more secure than, say, Windows XP. Still, Apple is betting on the app approval process and a locked down API to keep things secure. I just don't see it as being a flawless system. Even now you could suggest it isn't working as apps are doing things with your personal data without your knowledge. People will live with this (thank you Facebook), but I believe this is just the beginning.



    I have to believe that iOS will eventually be hit with something major. What happens then is anyone's guess. Simply because I believe something will happen, doesn't mean iOS instantly becomes "Windows Vista". Android is the wild west and is worse. Verizon recommended I have a security program on my Android when I bought it 2 years ago. Only time will tell if Microsoft has gotten security right on Windows Phone.



    The only way to be more secure than iOS would be to lock something down to a point of being practically useless. (IE - First gen iPhone....before apps ).



    For the time being, iOS might be the best you can do until we start giving hackers and spammers the death penalty instead of jobs.



    PS: For the record, even though Windows Vista was an unstable, annoying turd, it was actually more secure than Windows XP if you ran it the way Microsoft intended. Not an endorsement as it really did suck for many reasons.
  • Reply 53 of 92
    Quote:
    Originally Posted by rednival View Post


    I have to believe that iOS will eventually be hit with something major. What happens then is anyone's guess.



    They've said this about OS X for the past decade. It never happened. My memory's worthless, but I think I recall Mac OS 9 having more viruses/exploits/what have you than OS X has ever had.
  • Reply 54 of 92
    Quote:
    Originally Posted by SolipsismX View Post


    It's about bloody time as this issue has been in the media for several minutes now¡



  • Reply 55 of 92
    Quote:
    Originally Posted by mstone View Post


    If a developer wanted to hide some nasty stuff it is easy to do by simply putting a date limitation if statement so the function does not activate until a date after when Apple is likely to be reviewing the app. Once the app goes live it wouldn't be very long before the community will discover the hidden functionality and they get the boot. So there is only a very small window of opportunity in which they can take advantage of unsuspecting users.



    Not a lot of upside to trying anything shady.



    Depending on what you do with the exploit, that small window might be all the time you need. People have gotten very rich on small windows.



    Imagine if it used a number of active apps check. Granted, the exploit may never reach activation, but the check would just look like a normal REST/SOAP call to Apple and they would ignore it. If it waited until there were 100,000 active apps to do the dirty work, it could do a lot in a small window of time.
  • Reply 56 of 92
    solipsismx Posts: 19,566 member
    Quote:
    Originally Posted by rednival View Post


    iPhone is more likely to run into the same sorts of security issues that Windows had due to popularity. It is more secure than, say, Windows XP. Still, Apple is betting on the app approval process and a locked down API to keep things secure. I just don't see it as being a flawless system.



    Of course it's not flawless but it's a lot more secure than Windows and always will be. It's built into the model. They control what apps are approved and they pull them from the store and even remove them from your device if needed. They sandbox most of the apps.



    This is something that desktop apps simply don't yet do. Even Android is safer than Mac OS X in some way (yes I just said that) because Google can pull an app that is overstepping its reach from any connected device. I hope Apple will initiate more of the iOS App Store controls into the Mac App Store but since they won't be removing the access to 3rd-party apps that you install yourself there is always a chance you can install a trojan. I don't even know what apps have access to my Address Book and iCal data on my Mac but I assume they can access all the unencrypted data I have in ~/Library if they choose to.
  • Reply 57 of 92
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by rednival View Post


    If it waited until there were 100,000 active apps to do the dirty work, it could do a lot in a small window of time.



    I suppose if they wrote an app that actually was popular enough to gain 100K users. At that point it would make more sense to offer a paid version and get on the legit gravy train. I think we can primarily thank the jail breakers for discovering exploits because they have tools to watch packets.
  • Reply 58 of 92
    Quote:
    Originally Posted by Tallest Skil View Post


    They've said this about OS X for the past decade. It never happened. My memory's worthless, but I think I recall Mac OS 9 having more viruses/exploits/what have you than OS X has ever had.



    I think that is because the Mac user is generally a more tech-savvy customer and a lot of morons own a PC. Generally people that can afford Macs make more money and have some form of higher education.



    Everyone is getting an iPhone. Some moron, somewhere, will install something that promises to make them rich.



    It is hard to protect your device from the dumb masses.



    But I reserve the right to be wrong.
  • Reply 59 of 92
    Quote:
    Originally Posted by SolipsismX View Post


    Of course it's not flawless but it's a lot more secure than Windows and always will be. It's built into the model. They control what apps are approved and they pull them from the store and even remove them from your device if needed. They sandbox most of the apps.



    This is something that desktop apps simply don't yet do. Even Android is safer than Mac OS X in some way (yes I just said that) because Google can pull an app that is overstepping its reach from any connected device. I hope Apple will initiate more of the iOS App Store controls into the Mac App Store but since they won't be removing the access to 3rd-party apps that you install yourself there is always a chance you can install a trojan. I don't even know what apps have access to my Address Book and iCal data on my Mac but I assume they can access all the unencrypted data I have in ~/Library if they choose to.



    The part you fail to see is that Windows security issues generally come from exploits. Unintended holes that are discovered by some hacker. Being built the way it is makes it far less likely to happen, on that much we can agree. But it doesn't make it impossible.



    And in general I am talking more about spyware-ish like software. Not a trojan or major virus. Those would be virtually impossible to pull off. Same is true of Android - well as long as you are not rooted/jailbroken.
  • Reply 60 of 92
    Quote:
    Originally Posted by mstone View Post


    I suppose if they wrote an app that actually was popular enough to gain 100K users. At that point it would make more sense to offer a paid version and get on the legit gravy train. I think we can primarily thank the jail breakers for discovering exploits because they have tools to watch packets.



    Well, you have a point there. But criminals don't end up in jail because they are smart.