Research: Apple's Malware Checks Are Lacking

In terms of mobile security, Apple’s iOS is considered fairly safe – or, at least, somewhat safer than Android. The only apps available to run on iPhone and iPad devices are those that have passed an extensive review process. Theoretically, iPhones don’t wind up with malware installed because Apple works hard to catch malicious apps before they’re downloadable by the public.

In practice, however, Apple's efforts appear to come up short. A team of researchers at Georgia Tech exposed a massive hole in the app vetting process when it successfully uploaded software with malicious code to the Apple App Store as part of an experiment.

Specifically, the Georgia Tech mobile security team created an app advertised as a way to get news stories about the school. Buried in the app was a sort of viral timebomb – code that turns malicious only after being connected to the Internet for some time. This suggests that Apple’s screening process only reviews each app for seconds before declaring them malware-free, allowing similar remote-assembling malware to potentially sneak through. Explained Stony Brook University Assistant Professor Long Lu, who worked on the study: “The message we want to deliver is that right now the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen.”

While the odds of being targeted by a similar virus are small – Apple is already working to fix this particular security hole – this news only highlights the importance of running anti-virus software on your mobile devices, imperfect though such programs may be. Check out our need-to-know guide on mobile security for ideas on how to keep your valuable device safe.