| Abstract |
Apple's App Store moves the burden of security management from the user to the vendor. Apple semi-automatically verifies each of the 200,000 applications and their updates. Moreover, when an application is downloaded to the iPhone, a sandboxing mechanism is supposed to prevent it from reading other applications' data. We showed at Black Hat DC 2010 that such a scheme did not prevent malware from reaching the App Store and harvesting personal data. This talk will discuss the current state of iOS 4 privacy and show to what extent iOS 4 fixes the issues raised earlier this year. We will also present some findings about other possible frauds happening inside the App Store ecosystem, such as "App Farms", which basically consist of artificially boosting application ratings with stolen accounts.
|