Elinor Mills writes:
Lax security screening at Apple’s App Store and a design flaw are putting iPhone users at risk of downloading malicious apps that could steal data and spy on them, a Swiss researcher warns.
Apple’s iPhone app review process is inadequate to stop malicious apps from getting distributed to millions of users, according to Nicolas Seriot, a software engineer and scientific collaborator at the Swiss University of Applied Sciences (HEIG-VD). Once they are downloaded, iPhone apps have unfettered access to a wide range of privacy-invasive information about the user’s device, location, activities, interests, and friends, he said in an interview on Tuesday.
In a talk scheduled for Wednesday at the Black Hat DC security conference, Seriot will explain how an innocent-looking app could be designed to harvest personal data and send it to a remote server without the user knowing it.
Read more on CNET.