In a recent interview with U.K. publication Computing, Nikolay Grebennikov, CTO of Kaspersky Lab, said Apple should open its iOS mobile operating system to make it easier to create security software for the platform.
Opening up the platform would allow legit users to create more applications and bring more stuff to the table, but it will probably open the door for malicious writers too.
Alexandru Catalin Cosoi, head of the Online Threats Lab, BitDefender
"Apple simply can't continue with its current closed approach, and, in my opinion, to remain competitive it should be looking to open up its platform within a year," he told the publication. “It's not possible to create the products they create and be a world leader in security too; that expertise is elsewhere."
It’s an interesting message. Apple iOS restrictions make it virtually impossible for antivirus vendors to effectively run traditional antimalware software on the device. But security experts have mostly praised the iOS platform for being less prone to security threats due to its application limitations and the further restrictions it places on software developers. Apps running on iOS are isolated from each other, making it extremely difficult for malware to get to the device’s critical processes.
“I think the market generally dictates whether or not a particular product is successful and the last time I checked, I think Apple is pretty successful,” said Dean Turner, director of the Global Intelligence Network Symantec Security Response in a recent interview with SearchSecurity.com. “Apple’s particular process for designing applications they sell through their store has been in our estimation a fairly successful method to cut down on the number of malicious applications that we’re seeing.”
Apple’s model is the antithesis of desktop machines, which continue to be the most coveted target of attackers. Even with predictions that mobile platforms will be the next target for cybercriminals, by some estimates mobile malware remains less than 1% of all malware tracked online. There are reasons for that. The fragmented mobile market with multiple operating systems, different carriers and dozens of handset models make it complicated for malware writers. Malware is a business for the bad guys; cybercriminals want to reap the highest rewards with the lowest overhead.
By contrast, Google Android applications also run in a sandboxed or isolation mode, but the Android platform is more open, and security experts say applications sold in the Android Market are under less scrutiny. As a result, there have been a number of security issues. The company had to remove dozens of Android mobile applications in March because malware was embedded in them. Google acknowledged the problem and said it built more safeguards into its Android Market. Despite the new safeguards, a new variant of the DroidDream malware was detected in several applications this month.
Opening up iOS would appease some software developers who say creating iOS applications takes a lot of work, said Alexandru Catalin Cosoi, head of the Online Threats Lab at Romania-based antivirus vendor BitDefender. But the benefits of opening up the platform may outweigh the risks, he said.
“Opening up the platform would allow legit users to create more applications and bring more stuff to the table, but it will probably open the door for malicious writers too,” Cosoi said.
Whether Apple opens up its platform to foster additional development is anyone’s guess, but one thing is for sure according to Symantec’s Turner: Traditional antimalware is not going to work on mobile platforms.
“The security features in Android and iOS make it difficult for traditional malware to do traditional things,” Turner said. “In terms of antimalware technologies, I think we’re looking at something different than traditional.”