Linked by David Adams on Tue 8th Nov 2011 17:03 UTC, submitted by Al Sacco
Privacy, Security, Encryption
An iOS security researcher who submitted a tainted iPhone application meant to expose a weakness in Apple's App Store security process has been suspended from Apple's developer program. And rightly so -- he violated clear terms of service. But what does that say about the security of all those random apps on your iPhone, iPad and iPod?
RE: I don't see the problem
by Thom_Holwerda on Tue 8th Nov 2011 22:03 UTC in reply to "I don't see the problem"
Thom_Holwerda Member since:
2005-06-29

Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.


He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off".

Score: 2

RE[2]: I don't see the problem
by WorknMan on Tue 8th Nov 2011 23:00 in reply to "RE: I don't see the problem"
WorknMan Member since:
2005-11-13

He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off".


The article says he reported the vulnerability to Apple. I wonder if he got any sort of response before publishing his app ...

Score: 2

RE[2]: I don't see the problem
by rhavyn on Tue 8th Nov 2011 23:01 in reply to "RE: I don't see the problem"
rhavyn Member since:
2005-07-06

"Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.


He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off".
"

In which case the responsible thing would have been to take down the app immediately after it was approved. But he didn't.

Score: 2

RE[2]: I don't see the problem
by leos on Wed 9th Nov 2011 06:33 in reply to "RE: I don't see the problem"
leos Member since:
2005-09-21

"Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.


He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off".
"

And that is their prerogative. The market will punish them if they ignore it and it leads to widespread exploits.

Score: 3