Blue Coat US vice president of cloud services Anthony James says the practice of “security by obscurity” on Apple iOS needs to improve as smartphone adoption increases, while he also criticised Google Android for its open operating system.
James, an ex-pat Australian who has worked in the US for 10 years with security companies such as Fortinet, said iOS users have been lulled into a false sense of security because Apple does not check an application for security controls before it is published.
“They’ve had this whole sense of security around to get an application published, you need to go through their scrutiny,” he said. “They don’t check for security controls but for inappropriate content with the app,” he said.
Malware-infected applications
He pointed out that a US principal research consultant called Charlie Miler was able to exploit a bug in iOS which could stock the Apple App Store with malware-infected applications.
Miller built a fake stock ticker app, dubbed “Instastock,” as a proof-of-concept, then submitted it to Apple, who approved and placed it in the App Store in September 2011.
“Apple has done a great job of security by obscurity,” James said.
He also criticised Google, the developer of Android, for having an open operating system but said Android 4.0 did contain some security improvements.
Ice Cream Sandwich
“If you look at Android 4.0, the Ice Cream Sandwich, they put in some enterprise management features,” he said.
“We’re starting to see pressure on Google because what’s happening now is that corporate Australia is starting to dictate to these vendors that if they are going to allow these smartphones into their organisation they need to have some control,” he said.
“That’s where we have seen Android take their first step into enterprise management capabilities so I see Google is going to be more active in that.”
James, who was working on cloud security offerings for release next year, said he was targeting four operating systems, iOS, Android, Blackberry and Windows Mobile.
View full post on National Cyber Security » Computer Hacking