> Also, the AppStore means never having to worry about malware or viruses.
I've heard this idea over and over these past few days, and it really puzzles me. Do we really believe that the same App Store reviewers who are so incompetent that they can an e-reader because you could use it to read the Kama Sutra (or whatever your favourite ridiculous rejection of the day is) are, on the other hand, so competent that it is impossible to get malware by them? Or do we just believe that the iPhone/iPad/whatever is naturally resistant to malware, however cleverly written --in which case it doesn't matter what we install on it?
Is it really the case that the burden of proof is on someone who thinks that a system might be vulnerable? Should we believe by default in the security of new cryptosystems because they haven't been cracked yet?
I am neither asserting nor implying that there is malware anywhere in the iPhone ecosystem at any point. I meant merely that
1. the reviewers wouldn't, and couldn't be expected to, catch it, unless it were very clumsy (do you check the sources of all the software you run? Even if you do, do you think that the reviewer does? Now consider how many more apps a reviewer must vet daily than you run);
and
2. that there are much cleverer things to do with malware than loudly announce your presence, such as quietly funnelling out interesting personal data, so that it is very dangerous to confuse a lack of reports of malware with a lack of malware.
To the last point it may rightly be objected that arguing something on the basis of “If it were there you wouldn't see it, and you don't see it, so it's there” is indulging in a particularly base sort of logical fallacy (identification of a statement with its converse). I emphasise again that I am in no way claiming that there is malware; merely that the belief that there isn't, can't be, and won't be as long as we stick with the closed model seems to represent an indulgence in a peculiar sort of optimism.
I am not making any claims about the actual, present presence of malware. My only claim is that it is unduly optimistic to believe that a vetting process offers a complete immunity from malware.
Maybe I mis-interpreted your position, and you meant only that malware is less likely in a ‘gated community’ such as that offered by the iPhone and pals. If that is what you mean, then I agree.
If you would like a more grandiose claim, then I am willing to strengthen it slightly by making the definite claim that, some time between now and the heat death of the universe, there will be malware on the iPhone. However, this statement, being (practically) unfalsifiable, isn't worth much, which is why I didn't make it originally.
The paranoid in me wonders whether a malware writer might then work on infecting an app-store developer's machine, to get the code in via such indirection; but I agree that seems like an awful lot of work when so many unsecured machines are out there for easy and anonymous direct picking.
I've heard this idea over and over these past few days, and it really puzzles me. Do we really believe that the same App Store reviewers who are so incompetent that they can an e-reader because you could use it to read the Kama Sutra (or whatever your favourite ridiculous rejection of the day is) are, on the other hand, so competent that it is impossible to get malware by them? Or do we just believe that the iPhone/iPad/whatever is naturally resistant to malware, however cleverly written --in which case it doesn't matter what we install on it?