Ask the Expert
Do you have an application security question for Michael Cobb? Submit it now via email! (All questions are anonymous.)
In reality, it's a question of control. Users choose whether to visit a particular webpage, but they have no control over who can send them an email. Though spam filters can be configured to block certain types of email content or email from particular addresses, some malicious or spam emails will inevitably get through. Websites that have digital certificates can be verified as genuine, and browser settings and plug-ins such as NoScript can control which scripts on webpages are allowed to run. But with email, it's easy for an attacker to spoof the sender details in the address field, meaning that unwanted and unrequested content can easily appear in an email client. Therefore, by default, email has to be sanitized as much as possible, with users being given the option of displaying additional -- and potentially dangerous -- content if they want to.
While the Mailbox app is not malicious and its behavior doesn't violate any of the App Store rules, its poor design could have easily been used by an attacker, particularly for delivering potent spear-phishing emails. While the data that could be stolen would be limited by the iOS sandbox, an email app has access to a lot of potentially valuable information. On a jailbroken device, the damage would be much worse.