Compared to Android, Apple’s iOS walled garden isn’t as safe from malware and the rest as the hype would lead you to believe. So we heard last November about Apple’s app store and the wares there.
And now e-book lovers and other owners of iPhones, iPads and other iOS devices face a new security threat, as reported by CSO:
An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through Apple’s normal review process, potentially opening the door to abuse and security risks for users.
The technique is a variation of hot patching, which is a way of dynamically updating a system or application without restarting it. In this case, an iOS application is updated without the developer having to submit a new version to the official iOS app store and then wait for Apple’s review of the changes, which can be a lengthy process.
Great. So what do you think? On one hand, Apple needs to shorten the time needed to review a developer’s apps. On the other, safeguards can’t hurt.
What’s the solution? Perhaps slightly higher app prices to pay for a zippier reviewing by the App Store? The speedier-review feature might even be an option. What we wouldn’t need, however, would be for Apple to gouge developers for it.
More immediately, it will be interesting to see how Apple responds to the security threats created by the JSPatch open source project.
Security researchers have said: “JSPatch is a boon to iOS developers.In the right hands, it can be used to quickly and effectively deploy patches and code updates. But in a non-utopian world like ours, we need to assume that bad actors will leverage this technology for unintended purposes.”