Hacker Newsnew | comments | show | ask | jobs | submit login

>They haven't had to because they stop this stuff before it happens.

How does Apple stop malicious software? No one has ever claimed that.

Apple's review process doesn't validate that the software does what it claims it does, beyond the superficial.

I did a little googling, and found plenty of articles on Android's Marketplace having malicious software, but only articles along the lines of "Researcher says IPhone Data Model Could Lead to Malware" (http://www.pcworld.com/article/183741/researcher_says_iphone...) for the iPhone.

As far as I can tell, the iPhone has only been hit by malware when jailbreaking is involved. Maybe I'm missing it, but considering that minor infections in the Android market have made headlines, I imagine I would fine something for Apple too.

P.S. I'm hardly pro Apple, I have a Droid. I'm just saying that the probably do check for this sort of thing, because it's impossible in my mind for some one not to have tried to submit malware to the App store.


Apple has rejected some apps for uploading the users contacts to a third party server, using private APIs, etc. It seems like they do dig a little deeper. Who knows if that's enough to stop all malicious software but considering we've seen a number of malicious Android apps (fake Bank of America app, proof of concept botnet) it does seem like Apple's review process is providing some real benefits to go along with it's real disadvantages.


If you could somehow find a loophole within the scope of Apple's public APIs - Then sure... You could do something malicious.


The description of "malicious" seems a little nebulous.

I have never heard of an Android application that breaks out of the sandbox. When people talk about "malicious" applications, these are apps that don't actually do what they promise to do, and because of an overly generous user (who okayed excessive permissions) they exploit trust.

This is similar to a web site saying "Hey, add me to your trust zone" (in Internet Explorer) "and I'll be extra awesome", and then exploiting that access.

Another poster mentioned that location has a special confirmation security grant, which is interesting to learn, however for other accesses there is no guarantee that the app is doing everything in your best interest.


Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact