The practice of “security by obscurity” on the Apple's iOS needs to improve as smartphone adoption increases, according to Blue Coat US vice president of Cloud services, Anthony James.
James, an ex-pat Australian who has worked in the US for 10 years with security companies such as Fortinet, said iOS users have been lulled into a false sense of security because Apple doesn’t check an application for security controls before it is published.
“They’ve had this whole sense of security around to get an application published, you need to go through their scrutiny,” he said. “They don’t check for security controls but for inappropriate content with the app,” he said.
He pointed out that a US principal research consultant called Charlie Miler was able to exploit a bug in iOS which could stock the Apple App Store with malware-infected apps.
Miller built a fake stock ticker app, dubbed "Instastock," as a proof-of-concept, then submitted it to Apple, who approved and placed it in the App Store in September 2011.
“Apple has done a great job of security by obscurity,” James said.
He also criticised Google, the developer of Android, for having an open operating system but said Android 4.0 did contain some security improvements.
“If you look at Android 4.0, the Ice Cream Sandwich, they put in some enterprise management features,” he said.
"We’re starting to see pressure on Google because what’s happening now is that corporate Australia is starting to dictate to these vendors that if they are going to allow these smartphones into their organisation they need to have some control,” he said.
“That’s where we have seen Android take their first step into enterprise management capabilities so I see Google is going to be more active in that.”
James, who was working on Cloud security offerings for release next year, said he was targeting four operating systems, iOS, Android, Blackberry and Windows Mobile.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU