Welcome to the MacNN Forums.

frdmfghtr · Sep 24, 2007, 11:08 AM

I installed the Installer.app last night and tried a few of the apps available (Apollo IM 1.0 was the motivation) and have to say it was quite the nice little installer package. Installing and removing apps was a breeze, and I would hope that Apple would take notice and actively support such efforts.

Now that we have an easy means of installing new apps to the iPhone, a new topic must be considered--malware.

In the world of OS X, there is little known threat. Furthermore, to help secure ourselves against the potential threat of malware, we have firewalls, virus scanners (I use ClamXav to scan the system, library, and apps directories twice per week), and I'm sure other forms of protection. In addition to all that, we have smart user decisions--don't install apps when you don't trust the source, etc.

Aside from trusting the source of the applications, what protection do we have from malware making its way to the iPhone? Reviewable source code for the apps is good, IF you trust that the source code you are looking at is the source code of the running binaries AND can read/understand the code. That argument could go that if you trust the provider of the code to use the same source code, you would also trust the integrity of the app itself.

Food for thought...

Big Mac · Sep 24, 2007, 11:16 AM

Not hacking the iPhone is a good way to prevent malware from being any kind of a problem.

SSharon · Sep 24, 2007, 11:21 AM

Originally Posted by Big Mac

Not hacking the iPhone is a good way to prevent malware from being any kind of a problem.

That is like saying don't get in a car to avoid being hurt in a car accident. Some of the apps are very useful and as they become more widespread people will genuinely believe that they can't go without them.

theDreamer · Sep 24, 2007, 11:31 AM

I think it is the same with any third party application on any phone/PDA product.
You just have to trust the source and hope they are not attempting to screw you, also if you might be worried wait after something is released and see how the market takes to the new application and see if any problem occur. The nice thing about having a popular device is when someone releases something for it, there are three times or more people looking over it tweaking it, reviewing it, or doing something to it.

Earth Mk. II · Sep 24, 2007, 11:53 AM

Well, in the end, all forms of security eventually come down to trust (you trust that the ClamAV engine in ClamX hasn't been compromised and is current). Right now, I would say the iPhone dev community is large enough and active enough to vet out any malware, and to raise a big stink if any is found.

Fortunately, malware can't be pushed onto the device - the user needs to be convinced to install it.

Drakino · Sep 24, 2007, 11:49 PM

Good tip for anyone here adding apps to the iPhone. Change the root password if you end up installing SSH. The SSH package is an SSH server and SSH client, and not changing the password can leave the phone open to anyone. It's a slim chance that someone would get in and do something, but better to reduce that chance to 0%.

To change the password, also install Term-vt100. Run it, and type in "passwd" and hit return. The phone will then ask for a new password twice, and not provide any * or . feedback when typing.