3rd-party ad APIs from China illegally collected data from hundreds of App Store titles


Comments

  • Reply 41 of 45
    cpsro Posts: 3,198 member
    Quote:

    Originally Posted by BeltsBear View Post

     

    Yea, when I saw 1 million downloads total I was surprised it was so few.    That is very few downloads per app as well. 


    So that's up to 1 million users whose privacy has been compromised. Not too shabby, considering this is just the apps we/Apple know about that have circumvented iOS sandboxing.

  • Reply 42 of 45
    Quote:

    Originally Posted by FReDcc View Post

     



     It's 1.7 million apps, not billion




    True. But it is still 0.002%.

  • Reply 43 of 45
    Quote:

    Originally Posted by SpamSandwich View Post



    "Illegal"? No. Against Apple's rules? Yes.

     

    App Store transactions abide by local laws and regulations. I certainly do not know the specific laws about personal data privacy in the US, but I do know that it is illegal (plain and simple) to collect personal data of users without notification and/or their consent.

    So it is illegal in many countries (and if it is not the case in the US I would be quite surprised).

  • Reply 44 of 45
    foggyhill Posts: 4,767 member
    Quote:

    Originally Posted by WonkoTheSane View Post



    Is it really that hard to check what data is being collected by an app? I'd envision a test setup where the app runs on a simulated iPhone which monitors any access to phone data and triggers upon any funny stuff. Then you let that simulator run for some time and add typical user interaction, or some subset of the state-space. Hm. Maybe too complex?

    Alternatively, don't allow access to such data unless it's going through approved APIs.



    I agree that one major, and maybe most significant, advantage and differentiating criterion is that you could trust blindly any app from their store. Not more than other competitors' stores, not 98%. 100%. That's what built the ecosystem.

     

    If it's delayed, how would you test that? That code might be created and executed at runtime. They should look at whether apps are trying to use these kinds of constructs though, but that would need a closer exam of the code logic.

     

    Devs already bitch that approval time is too long.

  • Reply 45 of 45
    jlandd Posts: 873 member
    Quote:

    Originally Posted by Cpsro View Post

     
    Quote:
    Originally Posted by BeltsBear View Post

     

    Yea, when I saw 1 million downloads total I was surprised it was so few.    That is very few downloads per app as well. 


    So that's up to 1 million users whose privacy has been compromised. Not too shabby, considering this is just the apps we/Apple know about that have circumvented iOS sandboxing.


     

    That's the whole point.  It's completely meaningless that it's such a small percentage of the total, or such a small total amount.  

     

    When identity thieves work under other circumstances, if they work 10 hours a day, 5 days a week for three months and only succeed five times out of hundreds of times getting past the first stage it's considered a good score for three months.  Similarly, in the malware world, as far as whether a system is secure or not, it doesn't matter if there were a million attempts and 20 succeeded or a thousand and 10 did.  You can have a 99.5% winning average against exploits and get ruined by the remainder.   

     

    You can't apply ratios that sound good in other contexts to this as if proof of its trivial nature.  A million isn't a little.  It's a lot.  Holding it up against a huge total figure instead of a small total does nothing to diminish that.
