
iOS and Malware

Posted on October 15, 2015.

Almost exactly a year ago I wrote an article for this site in which I said:

…while iOS isn’t impregnable, most iOS-targeting malware relies on the device being jailbroken. In general, Apple’s ‘iron hand’ approach to app-sandboxing and App Store whitelisting has made iGadgets a largely malware/anti-malware-free zone, while making it all but impossible for AV companies to introduce full-strength malware detection software to the platform, though on-demand scanners for iOS do exist in a limited sense. If I can quote myself and Lysa Myers:

An approved on-demand scanner is likeliest to detect:

  • malware that isn’t native to iOS but might use the iGadget as a gateway to vulnerable systems (heterogeneous malware transmission)
  • borderline apps that are closer to the ‘possibly unwanted’ class than to unequivocal malware
  • iOS-specific malware that can only take hold on a jailbroken device.

A year on from there, I was asked in a Facebook group ‘What’s the best AV for iPad?’

In fact, I don’t usually make product recommendations, for several reasons.

  • Much of my income derives from consultancy to the AV industry in general, and one vendor in particular. I wouldn’t be working with that company if I didn’t think that they have a good product range. No, really: I work now because I want to, not because I have to. However, I wouldn’t feel comfortable recommending its products over and above other products unless I knew that they were definitely the ‘best’ product for the person who was asking. And that doesn’t happen often because comparing individual products is not something I do.
  • I happen to work in various contexts quite closely with researchers from other security companies. I’m not going to jeopardize the good relationships I have with other players in the industry by acting like a marketer in researcher’s clothing. It’s not that I don’t recognize the importance of marketing and the value of people who do it well and ethically. But my own work benefits from my staying at arm’s length from product promotion. Or, come to that, knocking the competition.
  • Actually, I think there’s a trust issue. I’m pretty sure Kevin wouldn’t want me to blog here if he thought I just saw it as an opportunity to continually promote the product of A Certain Company. 🙂

In this case, it was even more awkward, since Apple chose, earlier this year, to all but eliminate the presence of anything that looked like a mainstream anti-malware product from the App Store. So I was obliged to respond along these lines:

I’m not sure there’s any effective AV for iPad at this point. The iOS sandboxing model already restricted its functionality, and Apple has actually removed from the App Store most of – maybe all – the mainstream AV products that did have some limited scanning functionality. Fortunately, there isn’t a lot of out-and-out malware that targets iOS, though YiSpecter and XcodeGhost have made iOS look rather less safe than before.

[That’s a very slightly edited version of my original response.]

And I have to admit that if I was a more frequent user of iGadgets, I’d feel less secure today than I did a year ago.

David Harley
