Monday, November 23, 2009

Users Better Off Not Breaking iPhone Security

Hot on the heels of Phil Schiller's defense to BusinessWeek of Apple's application approval process is news of another Netherlands worm targeting customers who have disabled Apple's app-approval process by "jailbreaking" their phones to run anything loaded onto them (like malicious worms, surprise, surprise). Phones whose app-approval tools haven't been disabled are immune to the attack, as previously described here.

Phil Schiller's explanation of Apple's approval process is interesting because he expressly discusses Apple's effort to ensure that applications offered through the store don't obviously behave in a manner users don't expect. Developers whose apps easily crash, or snoop users' data, get a notice that Apple isn't ready to add the app to the store. Developers whose apps are designed to help users cheat at games of chance – something of potential interest in Las Vegas, for example – or otherwise to break the law, are often disappointed Apple won't play along. Why should Apple subject itself to liability for assisting people to violate the law in jurisdictions where gambling is legal, but regulated? (Cheating at a "friendly" game in another jurisdiction may not be illegal, but it's certainly unsportsmanlike – and why should Apple support it?)

Apple is trying to build a family product – something that parents can be confident their kids can use, something schools will allow on campus ... something that, in short, has a large and socially acceptable market. People who want to disable the security Apple has offered can apparently do so, but the folks helping them do it haven't proven themselves worthy of their customers' trust.

With Apple's exclusivity agreements expiring – and users' "need" to hack phones to work on unsupported networks seemingly coming to a close – one hopes that security-unconscious jailbreak tools will become increasingly a hazard of the past.

In the meantime, customers who have jailbroken their phones out of necessity should change the passwords on their phones, disable root login, and shut down the OpenSSH server started by the jailbreak tools.
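One way to verify the last two steps, as an added example that is not part of the original post: the functions below read a copy of the phone's sshd_config and saved `netstat -an` output. The file contents, the helper names and the use of port 22 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# Print the PermitRootLogin value sshd would take from the global section of
# config file $1. sshd keeps the first value it sees for a keyword, so later
# duplicates are ignored. Prints "unset" when the keyword is absent.
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                               # skip comments
        NF == 0    { next }                               # skip blank lines
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") } # allow Key=value form
        tolower($1) == "match" { exit }                   # Match blocks: out of scope
        tolower($1) == "permitrootlogin" { val = tolower($2); exit }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Succeed only when root login over SSH is explicitly refused. "unset" fails
# because the outcome then depends on the default compiled into that sshd.
root_login_blocked() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Succeed when `netstat -an` output saved in file $1 shows a TCP listener on
# port 22 (assumed SSH port). Accepts both "*.22" and "0.0.0.0:22" styles.
ssh_listening() {
    awk '$NF == "LISTEN" && $4 ~ /[.:]22$/ { found = 1 }
         END { exit !found }' "$1"
}

# Demo on a constructed config that still permits root login.
sample=$(mktemp)
printf 'Port 22\nPermitRootLogin yes\n' > "$sample"
if root_login_blocked "$sample"; then
    echo "root login: blocked"
else
    echo "root login: $(effective_root_login "$sample") (set PermitRootLogin no)"
fi
rm -f "$sample"
```

A phone that passes has `root_login_blocked` succeeding and `ssh_listening` failing; the password change still has to be done by hand with `passwd`.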
