“Everyone knows there’s no iOS malware, right?” Larry Seltzer writes for ZDNet. “Strictly speaking, there is. As a practical matter, there isn’t. At least if you stick with the official Apple store, you are more likely to win Powerball than to be hit by iOS malware.”
“But to make that ‘strictly speaking’ point, FortiGuard Labs’s Axelle Apvrille (‘the Crypto Girl’) felt it necessary to list all the iOS malware on record — all 11 instances, eight of which work only on jailbroken phones,” Seltzer writes. “Apple’s business practices for app distribution have made it nearly impossible to get malicious software to users. Unlike on Android where you can, and many do, choose to get apps from third-party stores, with iOS there is exactly one place you can get your software: Apple’s App Store.”
“It’s not like iOS isn’t an inviting target,” Seltzer writes. “There are zillions of devices out there and iOS customers have shown that they are willing to spend money on apps.”
MacDailyNews Take: Yet another nail in Security via Obscurity’s coffin of nails.
“Instinctively, I don’t like the tight control Apple has over their app ecosystem, but I’ve long ago given up objecting to it,” Seltzer writes. “They got it right, which is why Microsoft is copying the model closely. What could never work on PCs and Macs works great on mobile.”
Read more in the full article here.
MacDailyNews Take: How stupid does one have to be to settle for a fragmandroid phone when an Apple iPhone is right there for the taking? When Apple finally, blessedly gets around to releasing an iPhone with a larger screen than the current 4-inches, Android is dead at the high and mid/high end (quality customers, which the only type of customer that really matters).
Related articles:
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010
I wonder if this thread will attract any of the outspoken phandroids who think android is more secure than iPhone cause that what Schmidthead told them.
Its funny reading the comments on some sites written by the android crowd. They’re quite a strange bunch
Part of the reason I gave up Windows is that I used to love tinkering with my machine, but I reached a point where I couldn’t be bothered anymore, I just wanted it to work the way I wanted it to and leave it at that. Whereas with windows I felt like I had to constantly tinker, with OS X I could if I wanted but in know way did I ever have to.
Agree 100%.. I have moved beyond the need for tinkering with the tools and now I want to focus on what i use the tools for so I prefer to delegate device management to a trust worthy partner (Apple).
Apple’s so-called “walled garden” is simply a quality control tool, not unlike testers at Heinz that ensure they’re not poisoning their customers with bad catsup. Kind of a no-brainer, in my opinion.
Another way to think of it is:
– Apple has a curated garden, no weeds allowed. But a few have snuck in.
– Android allows in anything, including at Google’s store. The weeds don’t get pulled unless someone complains. There have been thousands of weeds.
That should say, “No Noxious Weeds Allowed”.
Good point. There certainly have been and are lots of crapware Apple has let pass the garden gate. Just last week a gang of us got Apple to throw out 3 out of 4 pieces of crap, one of which faked being 1Password, as in even using the name ‘1Password’. That was an apex of Apple bungling. Not perfect, just best…
Unfortunately situations like the recent “iPhones held ransom” incident will be attributed to iOS vulnerability when they’re actually a case of users not taking care of their passwords.
The Apple device ransom details are still not all in. Everything points to there being a couple different attacks. The Russian attack gathered Apple user IDs and passwords via a couple social engineering tricks, phishing and fraudulent media sales. Their scam didn’t involve Paypal, despite confusion to the contrary. The ‘other’ attack was the more well known ‘Oleg Pliss’ attack that started in Australia.
In all cases, the ‘Find My Mac’ system was compromised, locking victim’s Apple devices, be they OS X or iOS. All of the attacks have been recoverable as long as users follow the #1 Rule of Computing: Make a backup. If they didn’t, they got hosed.
No money was actually collected in any of the attacks. The ‘Oleg Pliss’ attack never even set up an actual account for collecting money. That one appears to have been entirely a ‘proof of concept’ attack, never intended to be real.
I wrote up the current situation last night here:
http://mac-security.blogspot.com/2014/06/apple-device-ransom-attack-revelations.html
There will be more to come, no doubt.
I wonder how many of these viruses are in-the-wild or just proof-of-concept, because I read different numbers a couple months ago: over 200 mobile targeted viruses, with 1 for jail-broken iPhones, 1 for Sybian and the rest targeting Android.
Ah, you rang the bell I was hoping for.
Here is the source list noted in this article:
https://blog.fortinet.com/iOS-malware-do-exist/
The author rather nicely documented what was going on with each malware. I have to get in touch with her and confer. If you actually READ what she provided, you find this:
1) There are NO current malware for un-jailbroken iOS. Not-a-one.
2) In the past there have been 3 iOS malware offered at the Apple iTunes Store. Actually, there have been 4. She left out one of famous proof-of-concept malware. In any case, they break down as follows:
– 1 proof of concept spyware.
– 1 ripoff phone charge malware.
– 1 spyware.
Apple yanked all 3 (4) out of the store. They had slipped through Apple’s vetting system.
Then there have been the malware specific to jailbroken iOS devices. I personally have no sympathy and don’t care. But there have been 8 such malware:
– 1 was a proof-of-concept worm.
– 3 were spyware, including 1 keylogger.
– 1 hijacked ad revenue from the Internet.
– 1 stole user passwords
– 1 forwarded SMS message (new to me!)
That’s all. We know Apple’s vetting system has let in a few two actual nasties. One ripped you off with bogus calls and their costs. One spied on your contacts, both email and phone, and spammed them.
Compare that to the exponentially increasing mass of thousands of Android malware and you realize there’s no contest. You simply figure out that Apple is never perfect, just incredibly good.
ERROR. Make the 4 spyware among the jailbroken iOS device malware. That adds up to 8. √