The iOS App Store is not the impenetrable walled garden you think it is.
For years consumers have held up iOS as the safe mobile operating system. It does see much less malware than Android, likely due to Apple’s rigorous manual testing of App Store apps and technological limitations that only allow approved apps on iOS devices. But to believe you’re 100 percent in the clear if you’re using an iOS device is a mistake.
Today, iOS malware looks a lot like Android malware in 2010. Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream.
Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store. And while that was far from the end of the Android malware story, it’s just beginning for iOS. Kevin Mahaffey, Lookout’s chief technology officer, predicts that as iOS continues to grow around the world, particularly in emerging markets, we’ll likely see more attackers focus their efforts on mainstream iOS users.
“Bad guys are rational economic actors. Because Android is so much more popular in the world they’re targeting the largest platforms first,” says Kevin Mahaffey. “But criminals are soon going to double down on iOS with targeted attacks.”
Android and iPhone malware: the technical abilities aren’t all that different
Apple’s app review process (a manual one where humans look at each app that is approved for distribution in the official App Store) has done a good job of keeping less sophisticated malware off iOS devices, though it’s not perfect. Malware that does make it onto iOS devices can actually execute a lot of the same malicious actions as Android malware. Lookout has observed iOS attacks that can do the following:
It’s much more of a level playing field than is generally assumed. Of course, the number of people actually affected by malware is significantly higher on Android, but in terms of what malware can do when actually on the device, the groundwork has been laid for significant threats to emerge.
iOS threats to date
Threats already exist for iOS and they aren’t trivial. Malicious actors are taking advantage of enterprise provisioning profiles, which are difficult to get, but once attackers have one, they are able to push any application they want to any device. A number of the more current threats to iOS, including WireLurker and XAgent, use this tactic. Indeed, the world of iOS malware will continue to change, but let’s take a peek at what the landscape looks like today: