Linked by Thom Holwerda on Mon 1st Apr 2013 12:25 UTC
Apple "Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online. The conventional wisdom is that this was a run-of-the-mill software security issue. [...] It isn't. It's a troubling symptom that suggests Apple's self-admittedly bumpy transition from a maker of beautiful devices to a fully-fledged cloud services provider still isn't going smoothly. Meanwhile, your Apple ID password has come a long way from the short string of characters you tap to update apps on your iPhone. It now offers access to Apple's entire ecosystem of devices, stores, software, and services."
Permalink for comment 557314
To read all comments associated with this story, please click here.
RE[4]: it happens to everyone
by Tony Swash on Tue 2nd Apr 2013 11:41 UTC in reply to "RE[3]: it happens to everyone"
Tony Swash
Member since:
2009-08-22

Tony Swash,

Do you have evidence at all that IOS as an operating system is technically more secure than any of the other mobile platforms or are you claiming things merely because they fit within your world view? It's a serious question. Please provide a source with real details explaining exactly how the IOS operating system is more secure without any of the usual apple fanboy spin-doctored BS.


First of all a general point. Apple screens all software before allowing it to appear in the iOS app store. Google does not screen apps before allowing it to appear in Google Play.

I think that checking for malware is more likely to detect malware than not checking for it even though checking for it is not infallible.

Clearly with the volume of apps being processed mistakes can and will be made and malware could get through any screening process. However it appears that the number of malware apps getting through the iOS screening process are vanishingly small and are quickly removed on detection.

Generally I think that the way to assess the relative security performance of operating systems or platforms is to look for independent and reasonable competent measurements of actual real world security breaches and malware exploits based on large samples and large data sets. All too often debates about relative security performance wanders into the theoretical and focusses on the obscure security potential of issues associated with particular pieces of code or particular security arrangements whilst ignoring the real world security performance of different systems and platforms. It's all very well being concerned that security breach 'X' on one platform is in theory worse than security breach 'Y' on another but if it turns out that in the real world security breach 'Y' has been actually used 100,000 times on actual victims and breach 'X' has never been used on any actual victims then I would consider it reasonable to say that security breach 'Y' is a worse security problem.

In the realm of mobile platforms there are independent studies conducted at regular intervals using large data sets that attempt to measure the relative amounts of malware on different mobile platforms. The conclusions of all these studies by different security companies are all broadly the same, which is that mobile malware is overwhelming a problem of the Android OS and is vanishingly small on the iOS platform.

This pdf of the Mobile Threat Report from the F-Secure Labs dated Q4 2012 is representative of the sorts of results you see from many such reports

http://www.f-secure.com/static/doc/labs_global/Research/Mobile%...

As you can see from the report is says that observed malware by platform at the end of 2012 was as follows:

Android 79%
Symbian 19%
iOS 0.7%

The fact that the pattern of many different reports on real world security problems on mobile platforms broadly paints the same picture means, I think, one can have a high confidence that they are broadly accurate in two important conclusions:

Malware on mobile is an Android problem.

Malware on Android is getting worse.

Edited 2013-04-02 11:47 UTC

Reply Parent Score: 1