Friday, October 1, 2010 [Tweets] [Favorites]

“Curated” Doesn’t Necessarily Mean “Secure”

Wil Shipley:

So, the better approach to security would be transparency, which is to say users could install applications like the one being written by Peter Gilbert, above, which would tell them when data is being sent to servers, and they could use their own judgment about whether a particular program should be contacting a particular server given their recent actions. With many pairs of paranoid eyes would come much better app validation than Apple could do in a few days.

But this isn’t allowed on iOS right now—the necessary APIs are verbotten, and Apple apparently (and ironically) has written a tool to automatically detect if an application is using APIs Apple doesn’t allow. So, in this case, Apple’s curated approach has potentially made them less secure than Android.

I don’t understand why iOS makes such a big deal about permission to access location data, when any random app, even one that shouldn’t need network access at all, can access my address book, photos, and clipboard and upload them to who-knows-where.

4 Comments

I think it's mostly Security Theater. It allows Jobs to show the new "security features" at keynotes, and explain to people how Apple takes security and privacy seriously.

"I don’t understand why iOS makes such a big deal about permission to access location data, when any random app, even one that shouldn’t need network access at all, can access my address book, photos, and clipboard and upload them to who-knows-where."

I was thinking about that in FireFox the other day, "Do you want to share your location with this web page?", as if that is the pinnacle of antiprivacy. I wish it would ask me about real privacy concern such as cookies, sharing referrer with certain pages, the visited link attribute/change of style, etc.

"I don’t understand why iOS makes such a big deal about permission to access location data, when any random app, even one that shouldn’t need network access at all, can access my address book, photos, and clipboard and upload them to who-knows-where."

It's previous obvious.

What if an app was linked to a rogue military satellite that could pinpoint your location and turn you into oblivion you with a laser beam?

Worse: it could be Wile E. Coyote that has access to the very same data.

[...] 2010, I wrote: I don’t understand why iOS makes such a big deal about permission to access location data, [...]

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment