Possible ways of making the iPhone SDK secure
Steve finally announced that we can develop Cocoa applications on the iPhone from February. Apple needs this time to get the iPhone secure. Well, I suspect the real reason is that they need to get their API stable – there have been several changes to UIKit from version 1.0.x to 1.1.1. But aside from that: how can they make the iPhone more secure? By leveraging technologies from Leopard that they announced just yesterday and that one can read about in the security features of Leopard, of which the phone runs some kind of variant:
- Signed Applications: The developer signs his apps. If a new app arrives with an unknown certificate, the phone asks the user for permission to run it. Apple-signed applications run by default.
- Sandboxing: The app can only access what it needs to access. That prevents at least some viruses.
- Library Randomization: That makes exploits a lot less likely, because an attacker can't assume where in memory the libraries sit and therefore where to aim the exploit.
- Tagging downloaded applications with their origin also makes a lot of sense, especially combined with the signing described earlier.
So before an application is first run, it could present a screen like this:
“Do you want to run ‘Super Atomic Bomberman’, signed by ‘John Doe’, whom you trusted earlier with ‘Superfast Racing Game 3000’? It’s been downloaded from ‘supersoftware.com’ on 08/03/08. It wants to access the Wifi network as well as your contacts.”
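As an added illustration (my sketch, not code from Apple or from this post), here is how the launch-time policy behind that screen could fit together: the bundle's files are checked against the digests the developer recorded at signing time, Apple-signed apps run silently, any other signer gets the prompt, which names the app the user already trusted that developer with, and the sandbox later grants only the entitlements the user saw. The manifest layout, the names, and the assumption that the platform has already verified the manifest's signature before handing over the signer identity are all my own.

```python
import hashlib
from dataclasses import dataclass, field

APPLE_SIGNER = "apple"  # assumed identifier for the platform vendor's own signing key
SAMPLE_BUNDLE = {"bin/bomber": b"bomb engine", "res/level1.dat": b"grid"}  # constructed sample app contents

@dataclass
class Manifest:
    app_name: str
    signer: str        # developer identity; assumed already verified by the platform's signature check
    files: dict        # path -> SHA-256 hex digest recorded when the developer signed the bundle
    origin: str        # "downloaded from" tag attached when the app arrived on the phone
    download_date: str
    entitlements: tuple  # resources the app declares it needs (what the sandbox will allow)

@dataclass
class TrustStore:
    trusted: dict = field(default_factory=dict)  # signer -> first app the user approved from them

def sign_manifest(app_name, signer, contents, origin, download_date, entitlements):
    """Developer side: record a digest of every file so later tampering is detectable."""
    digests = {path: hashlib.sha256(data).hexdigest() for path, data in contents.items()}
    return Manifest(app_name, signer, digests, origin, download_date, tuple(entitlements))

def bundle_intact(manifest, contents):
    """Phone side: any added, missing or altered file means the bundle no longer matches its manifest."""
    if set(contents) != set(manifest.files):
        return False
    return all(hashlib.sha256(contents[p]).hexdigest() == d for p, d in manifest.files.items())

def launch_decision(manifest, contents, store):
    """Returns ("deny"|"run"|"prompt", text). Apple-signed apps run silently; everything else is shown to the user."""
    if not bundle_intact(manifest, contents):
        return "deny", "bundle contents do not match the signed manifest"
    if manifest.signer == APPLE_SIGNER:
        return "run", None
    earlier = store.trusted.get(manifest.signer)
    who = f"'{manifest.signer}'" + (f", whom you trusted earlier with '{earlier}'" if earlier else " (a developer you have not trusted before)")
    prompt = (f"Do you want to run '{manifest.app_name}', signed by {who}? "
              f"It has been downloaded from '{manifest.origin}' on {manifest.download_date}. "
              f"It wants to access: {', '.join(manifest.entitlements)}.")
    return "prompt", prompt

def approve(manifest, store):
    """User said yes: remember the signer, so later apps from the same developer can cite this one."""
    store.trusted.setdefault(manifest.signer, manifest.app_name)

def sandbox_allows(manifest, resource):
    """Runtime sandbox check: only the entitlements the user saw in the prompt are granted."""
    return resource in manifest.entitlements
```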
Yay! iPhone SDK!