Apple has taken a number of steps to ensure the quality and safety of any applications developed for the iPhone. To start, any developer wishing to create an iPhone application must apply for a code-signing certificate from Apple, which has to be used to "sign" the application once it is created. The iPhone OS then uses this certificate to check the authenticity and integrity of the application before installing and executing it. (A software update released in September 2007 by Apple erased software that hadn't been sanctioned by the company.) Apple also adopted the trusted-source approach for distributing third-party iPhone apps. In other words, iPhone applications must come from the iPhone App Store, which makes it much harder for hackers to distribute malicious or harmful applications.
Once installed, an application runs in a sandboxed environment: It can only access files stored in its own private directory, with no access to system files or the files belonging to other applications, although it does have read-only access to system configuration information. An application also can't directly access the hardware. Using hardware-based features, such as Wi-Fi connections and accelerometers, can only be accomplished by going through APIs provided by the SDK frameworks. Finally, only one application can run at a time, making it difficult for a malicious application to run in the background.
So far, so good. Even so, I would proceed with caution before allowing such a radically new device to access sensitive enterprise data. There were reports that the key of the beta Application SDK was leaked. If that happened to the release version, hackers could create malicious yet compliant applications. There are also concerns that some of the security features of the iPhone's underlying Unix OS were stripped away to reduce memory requirements. It's been reported that nearly every iPhone process runs as root, which is clearly a breach of the principle of least privilege, as any process would enjoy near full system rights to do whatever its programmer instructed.
Also of note is that most iPhone applications being developed aren't being created with enterprise requirements in mind. The iPhone has been aimed mainly at the individual, not a corporate user. This will change as iPhone usage spreads, but at this point in time, I think it is important that companies quickly move to establish acceptable usage policies that state which applications can be downloaded onto the device. This list of applications should include only those that have been tested and deemed appropriate for users. Keeping the number of applications to a minimum will not only reduce risk, but also improve the iPhone's performance while reducing the number of support calls you receive. Personally, I wouldn't allow any mobile device that can't be remotely disabled and wiped to connect to the corporate network or access enterprise data. Laptops can now have such functionality installed. Dell Inc., for example, is embedding ComputraceComplete from Absolute Software Corp. into its laptops, which will erase data on stolen machines as well as provide tracking and recovery services. As smartphones are even smaller and easier to lose or (steal), they need the same type of protection.
This was first published in April 2009