By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Ask the Expert
Do you have an application security question for Michael Cobb? Submit it now via email! (All questions are anonymous.)
In reality, it's a question of control. A user chooses whether to visit a particular webpage, but he or she has no control over who can send them an email. Though spam filters can be configured to block certain types of email content or email from particular addresses, some malicious or spam emails will inevitably get through. Websites that have digital certificates can be verified as genuine, and browser settings and plug-ins such as NoScript can control which scripts on webpages are allowed to run. But with email, it's easy for an attacker to spoof the sender details in the address field, meaning that unwanted and unrequested content can easily appear in an email client. Therefore, by default email has to be sanitized as much as possible, with the user being given the option of displaying additional -- and potentially dangerous -- content if they want to.
While the Mailbox app is not malicious and its behavior doesn't violate any of the App Store rules, its poor design could have easily been used by an attacker, particularly for delivering potent spear-phishing emails. While the data that could be stolen would be limited by the iOS sandbox, an email app has access to a lot of potentially valuable information. On a jailbroken device, the damage would be much worse.
Related Q&A from Michael Cobb
Remote wipe isn't always an option when it comes to securing enterprise BYOD use. Learn how selective wipe and enterprise wipe technology can help ...continue reading
While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why.continue reading
Expert Michael Cobb explains how reverse engineering can be made more difficult with an approach called Hardened Anti-Reverse Engineering System or ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.