Apple is infamous for its stringent and sometimes odd vetting process for iOS apps, but it has purportedly kept iPhone and iPad users relatively safe from the malware that has plagued the Android ecosystem for years. Unfortunately, they can no longer wear that badge with pride, as dozens (possibly hundreds) of apps written by Chinese developers and distributed through the official Apple App Store have been found to be infected with malware that can cause serious security problems for the affected device. Before you get up in arms about the brazen escalation of Sino-American cyber-hostilities, security analysts believe that the apps weren’t purposefully compromised; rather, the infections were caused by Chinese app developers using an infected version of Apple’s coding framework, Xcode, to build or update their apps. These apps were then submitted and, upon passing through Apple’s security screening, distributed in both the Chinese and American App Stores to upwards of hundreds of millions of users.
What this means for you:
Unless you make a habit of installing Chinese iOS apps, you probably aren’t directly affected by this. Check this list, and if you did install one of the affected apps, remove it or update it immediately, and change your Apple Cloud password and any other passwords you might have used while the infected app was installed on your device. For the rest of us who aren’t impacted, this particular failure illustrates two important points about security:
- No security system or process is infallible. Apple’s fall from grace in this regard was only a matter of time. Every good security plan should include a failure contingency. In Apple’s case, they know exactly who installed what apps and plan to notify all affected customers.
- The use of the compromised Xcode framework was traced to many developers using a non-official download source to retrieve the code, which is very large (3 GB) and is very slow to download in China from Apple’s servers. Rather than being patient/diligent, Chinese programmers used local, unofficial repositories hosting malware-infected versions of Xcode. Always confirm your source (whether reading email or downloading software) before clicking that link!
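For developers, confirming the source of an installed Xcode can be scripted with spctl, the macOS Gatekeeper assessment tool. The script below is an added example, not part of the original post; the function names, the list of trusted sources and the sample outputs used to exercise it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide whether a Gatekeeper assessment of Xcode.app shows
# a copy signed by Apple, rather than merely "some signed app".

# Signing sources treated as genuine for Xcode (assumption for this example).
TRUSTED_SOURCES='Mac App Store
Apple
Apple System'

# verdict_for APP_PATH SPCTL_OUTPUT
# Prints "trusted" or "untrusted: <reason>"; exit status is 0 only if trusted.
verdict_for() {
    app=$1
    out=$2
    # The verdict line reads "<path>: accepted" or "<path>: rejected".
    if ! printf '%s\n' "$out" | grep -Fq -- "$app: accepted"; then
        echo "untrusted: Gatekeeper did not accept $app"
        return 1
    fi
    # The signer is reported as "source=<name>".
    src=$(printf '%s\n' "$out" | sed -n 's/^.*source=//p' | head -n 1)
    if [ -z "$src" ]; then
        echo "untrusted: no signing source reported"
        return 1
    fi
    # "accepted" alone is not enough: a repackaged copy signed with a
    # third-party certificate is also accepted, so compare the whole name.
    if printf '%s\n' "$TRUSTED_SOURCES" | grep -Fxq -- "$src"; then
        echo "trusted"
        return 0
    fi
    echo "untrusted: signed by '$src', not Apple"
    return 1
}

# check_xcode [APP_PATH]: run the assessment on this machine (macOS only).
check_xcode() {
    app=${1:-/Applications/Xcode.app}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "untrusted: spctl not available on this system"
        return 2
    fi
    # spctl writes its assessment to stderr, so capture both streams.
    out=$(spctl --assess --verbose "$app" 2>&1)
    verdict_for "$app" "$out"
}
```

Running check_xcode on a build machine before each release build catches a copy that did not come from Apple, whichever mirror it was downloaded from.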
It feels strange to be writing about Microsoft and not mentioning a security loophole or zero-day exploit, but it is the day before April Fool’s after all. Fortunately for the iPad faithful, this isn’t a prank. On March 27, Microsoft launched iPad versions of its most used office productivity applications: Word, Excel and PowerPoint, all of them available for free download through the App Store. “What’s the catch,” I hear you say? You can use them free, forever, to view documents, but if you want to create or edit documents, you need to have a subscription to Office365.com, the minimum of which is $70/year.
What this means for you:
The lack of any official MS Office software may have been one of the remaining tenuous barriers holding the iPad back from a complete domination of corporate boardrooms. Long a favorite of executives but usually relegated to email-only roles because of this lack, Office for the iPad may allow the C-suite to completely cut the cord on any vestigial Windows laptops they have been “forced” to carry around to do anything other than reading emails. I also know a lot of road warriors who may view the new apps with a mix of joy and trepidation, as it will conceivably allow for more effective work-related use of their iPad on those cramped, coach-fare flights. The excuse of “not being able to edit that Word document during the flight because all I have is my iPad” just won’t cut it anymore.
In all seriousness, this also marks a significant change in vision for Microsoft, a company that, up until the new CEO’s arrival, had always put “Windows first”, even when it may have meant losing market share, as it has for so long in the iPad space. It’s still too early to tell whether this change in corporate values will lead to other transformations and products for other platforms (Office for Android anyone?), but this is certainly a step in a new direction for the company.