I told you yesterday that Apple will introduce new security measures in iOS After which The American Congress demanded explanationsand about how the applications access the contact book data from our iPhones. Well, the problem of the contact book is a small one because the application developers can access almost anything from our terminals without us knowing. Practically, the applications can record conversations, take pictures/films and can access almost any kind of data from our iDevice without us knowing unless we have the terminal in our hand and detect the recording of a photo with flash, for example. The problem is that Apple gives developers access to these functions through its SDK and the applications can transmit the recorded data to the developers' servers without anyone else knowing.
- Apps can only spy and slurp down your information when they are open. Just installing an app does not let this happen.
- Obviously, most developers would never consider doing something like this, and most companies would never try to do this either, because word getting out would destroy them immediately. However, there are many developers out there, and it is trivial to get on Apple's development platform.
- Apps like Path were busted because it was transmitting data via SSL, but granting it a fake SSL certificate (Ed. Thanks commenter) actually let the developer watch the data as it is transmitted. However, if data is encrypted without SSL, security experts and Apple cannot really see what is transferring securely, so it is harder to ferret out nasty applications
- This is not specifically an iOS problem. Any desktop application can suck up data and send it to a server somewhere far away (including email). Android handles this a little differently: If an app wants to access contacts, it asks permission upon installation. Most people do not look at this, but the onus is on the user to approve access. So, that is protection in name only.
Although there are big security holes in iOS, there are still some good aspects because the applications can do absolutely nothing unless they are open, not just in the background and not just left in Springboard. It is not known how many applications from the App Store record and send data to the developers' servers without us knowing, but big scandals are needed for Apple to restrict access. From my point of view we should be given the opportunity to decide if we want to give an application the possibility to access certain data from our terminals and be asked for permission for any kind of data from the terminals to be sent to the servers of the application developers .
Most developers use unencrypted methods of sending data to their own servers and in this way "pirate" applications can be discovered very easily. Those who encrypt their data before being sent to the servers protect the information and neither we nor Apple can find out what is being transmitted unless the developers provide additional information. Basically, these are the really dangerous applications because the information sent by them cannot be monitored and verified.
