Kaspersky denied iOS app: Apple buries its head in the security sand
Apple has denied Kaspersky's bid to develop anti-virus software for iOS devices, including the iPhone and iPad, and has warned that the decision will only lead to malware writers targeting the mobile operating system in the future.
Speaking to The Register, the security firm's founder and chief executive Eugene Kaspersky said he was "a little bit disappointed" because "Apple won’t let us" develop a security solution for iOS.
iOS may not need protection, but Apple's reputation certainly does. The company looks weak in security circles. It was only a few weeks since Kaspersky claimed Apple was "10 years behind Microsoft" security wise.
Apple continues to bury its head over iOS and OS X security and seems to have no interest in changing its position. Even when Apple can't ignore a major malware attack, it stumbles into action days or weeks later. The rest of the time it sticks its fingers in its ears in the face of anybody criticising it.
For malware writers to successfully attack iOS en masse, malware has to pass itself off as an application and successfully navigate through the Apple App Store vetting procedure.
This is what happened with Charlie Miller. He wrote an application that phoned home to his server and injected code into his application. He was ultimately booted out of the Apple Developer Program for not only breaking the phone-home rules, but for knowingly deceiving Apple during the submission process.
The other way is if iPhones and iPads are jailbroken and third-party applications --- with no application store vetting procedure --- is installed by the owner. Apple will likely say while jailbreaking is legal, it does not recommend it and will void the user's warranty. If iPhone or iPad users become infected with malware on a jailbroken device, it's not Apple's problem.
Except: it is. Apple can disassociate itself from jailbroken iPhones and iPads, but the brand damage alone will harm the company.
iOS currently has 29.9 percent of the global mobile market share according to recent Gartner figures, and 30.7 percent according to comScore's latest poll.
But because mobile market share is increasingly important and gaining on desktop or tablet numbers, it should come as no surprise that mobile devices are the next target on the malware writers' list.
Android and iOS take up the number one and two spots in global market share, though Android is way ahead of iOS. But Google Play, the new name for the Android Market, is far from perfect. No more than a month after Google said it would automatically scan uploaded Android applications for malware, malware writers found another attack route: mobile websites.
iPhones and iPads will be next on the list. It's inevitable, and bound to happen.
For Kaspersky, it cannot develop security features for iOS because Apple's SDK simply doesn't allow it. The antivirus maker notes that attacking iOS is "more complicated".
"They are happy with Windows computers. Now they are happy with Mac. They are happy with Android. It is much more difficult to infect iOS but it is possible and when it happens it will be the worst-case scenario because there will be no protection," Kaspersky said.
Apple still believes that Macs can do no wrong, and though it no longer makes the claim that Macs "doesn't get PC viruses," but it believes it can still say the same about iOS.
Macs have seen two major attacks in as many years: first with the Mac Defender outbreak, and this year with more than 600,000 Macs attacked by Flashback malware. As ZDNet's Ed Bott succinctly puts it, the Flashback episode alone has thoroughly "exposed Apple’s security weak spots."
Windows has always been an attractive target for malware writers, with more than 90 percent of the global market share, while Apple has around 5--7 percent of the market. However, Apple's share is on the increase by around one percentage point per year.
On two fronts: by denying Kaspersky or any other malware protection company from the App Store shows weakness in long-term planning. It also looks weak if it does allow in anti-virus software, because it paints the impression that iOS is vulnerable and requires third-party help to stay secure.
The reason it doesn't is because Apple thinks iOS is not vulnerable to malware. And if you take jailbroken devices, that's the customer's decision and out of Apple's hands. If iOS does get attacked, Apple will likely take the same position it did with the Mac Defender malware and the Flashback outbreak by acting only after it is forced to do so by pressure from the public and the press.
Image credit: Josh Lowensohn/CNET.
Related:
- Has Apple done enough to fight malware on Macs?
- Gartner: Samsung steals Nokia's crown as global phone leader
- comScore: RIM, Microsoft face mobile market share crisis
- CNET: Kaspersky: Mac security is '10 years behind Microsoft'
- Apple boots security guru who exposed iPhone exploit
- Google now scanning Android apps for malware
- ZDNet: Malware charges users for free Android apps on Google Play