The prevalent wisdom in the enterprise world is that Android is a prime target of hackers and malware creators because Apple’s iOS mobile operating system and its online App Store are more secure than their counterparts from Google.
Maybe it’s time to rethink the prevalent wisdom. A new report by mobile security vendor Appthority concludes: “The once safe Apple Store continues to be compromised with new breaches, bringing an end to the era of absolute trust in iOS and the protection of the Apple App Store vetting process.”
It its Q2 2016 Enterprise Mobile Threat Report, Appthority says Apple’s security essentially was airtight until last summer:
“As of July, 2015, you’d have had to say Apple’s App Store vetting performance was exemplary. Up to that date, iOS malware was restricted to jailbroken devices, which was the only way to install 3rd party apps which had thus not gone through Apple’s strict app review process.”
Since last August, though, a half-dozen vulnerabilities have been discovered in the App Store. “That’s six more than had occurred previously, in what was thought of as a secure and reliable app vetting process,” Appthority writes.
For enterprise IT professionals responsible for mobile security, the message is clear: Never assume anything is hack-proof, no matter what vendors or (it has to be said) fanboys tell you. That kind of assumed trust in technology and vendors is a security disaster waiting to happen.
“CISOs must now realize that Apple’s review process only looks for what apps are ‘good enough’ for consumers, but obviously a large number of the approved apps are not enterprise grade,” Appthority writes. “The only reasonable course of action for enterprises now is to add iOS app risk management to the list of security concerns that must be monitored and dealt with.”
Reasonable, and responsible.
Have any of your enterprise’s iOS devices become infected in recent months?