Apple boots iOS developer for exposing a security bug (Digital Trends)

Companies like Google and Facebook reward hackers with monetary incentives for finding bugs and security holes in their software. Apple has taken the opposite approach. TG Daily reports that security researcher Charlie Miller was ousted from the iOS developer program after revealing a security flaw in iPhones and iPads. He discovered, and made public, that it’s possible to create an app for the App Store that passes all of Apple’s security sweeps but still downloads malware onto the device and does bad things. His app, called InstaStock and masked as a stock trading app, was able to access photos and contacts as well as make the device vibrate or play sounds, all of which are typically restricted on iOS.

 ”The user doesn’t know anything’s going on, it just looks like a normal app,” he says. “I can grab any file I want – here is, for example, the address book.”

Unfortunately, though it was necessary for his research, Apple did not take kindly to Miller uploading malware to the App Store. He was booted from the developer program despite the fact that he publicly stated that his app was for research and warned Apple of the hole in their system. 

“OMG, Apple just kicked me out of the iOS Developer program. That’s so rude!” said Miller on Twitter. “First they give researchers access to developer programs (although I paid for mine), then they kick them out…for doing research. I thought they’d just remove the app and we’d still be friends.”

Apple has not commented on the situation. 

This article was originally posted on Digital Trends

More from Digital Trends

Our favorite hidden features of iOS 5

Apple iOS 5: Everything you need to know

Facebook iPad app wrapped up inside iPhone app; UPDATE: Facebook blocks the app

Why did Apple choose Twitter over Facebook for iOS 5?

Article source: http://us.rd.yahoo.com/dailynews/rss/security/*http://news.yahoo.com/s/digitaltrends/20111108/tc_digitaltrends/applebootsiosdeveloperforexposingasecuritybug

View full post on National Cyber Security