Linked by David Adams on Tue 8th Nov 2011 17:03 UTC, submitted by Al Sacco
Privacy, Security, Encryption
An iOS security researcher who submitted a tainted iPhone application meant to expose a weakness in Apple's App Store security process has been suspended from Apple's developer program. And rightly so -- he violated clear terms of service. But what does that say about the security of all those random apps on your iPhone, iPad and iPod?
Thread beginning with comment 496519
I don't see the problem
by leos on Tue 8th Nov 2011 20:56 UTC
leos Member since:
2005-09-21

This guy knowingly violated the terms of service of the app store and is then surprised when he gets kicked out?

Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.

If he wants to get more publicity he could release the info to the public. Sure, this is a more effective publicity stunt, but the reaction from Apple is totally appropriate.

Score: 2

RE: I don't see the problem
by Thom_Holwerda on Tue 8th Nov 2011 22:03 in reply to "I don't see the problem"
Thom_Holwerda Member since:
2005-06-29

"Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.
"


He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off".

Score: 2

RE[2]: I don't see the problem
by WorknMan on Tue 8th Nov 2011 23:00 in reply to "RE: I don't see the problem"
WorknMan Member since:
2005-11-13

"He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off".
"


The article says he reported the vulnerability to Apple. I wonder if he got any sort of response before publishing his app ...

Score: 2

RE[2]: I don't see the problem
by rhavyn on Tue 8th Nov 2011 23:01 in reply to "RE: I don't see the problem"
rhavyn Member since:
2005-07-06

"Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.


He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off".
"

In which case the responsible thing would have been to take down the app immediately after it was approved. But he didn't.

Score: 2

RE[2]: I don't see the problem
by leos on Wed 9th Nov 2011 06:33 in reply to "RE: I don't see the problem"
leos Member since:
2005-09-21

"Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.


He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off".
"

And that is their prerogative. The market will punish them if they ignore it and it leads to widespread exploits.

Score: 3