Security

Apple Wants ‘Appearance Of Security’ After iOS Anti-Hack App Is Removed

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Google + Linkedin Subscribe to our newsletter Write a comment

Stefan Esser, who developed the app, has accused Apple of covering up possible security weaknesses by withdrawing his application

Apple has removed an iOS application authored by a renowned security researcher that alerted users to hidden tinkering with their iPhone – just a week after it appeared on the App Store.

The ‘System and Security Info’ app, developed by Germany’s SektionEins, detected various hidden modifications to the system, such as changes to the certificates that guarantee that applications are legitimate and tweaks that indicate the device may have been jailbroken without the user’s knowledge.

The removal has done much to highlights the company’s controversial approach to security issues.

 

‘Appearance of security’

bended barsJailbreaking allows a user to take complete control of their iOS device, getting around its built-in security safeguards in order to enable custom functionality.

SektionEins founder Stefan Esser, well-known for finding numerous flaws in iOS, said Apple cited various reasons for removing the software from the App Store, but he argued the company’s main motivation was to maintain the appearance that iOS is secure.

Esser noted that the app had passed three App Store reviews, and was only rejected in the fourth review once it rose in popularity, outselling well-known games including Grand Theft Auto.

“(Apple) basically says: we do not want our users to have the impression iOS could have security holes. Go away,” Esser said in a post on Twitter.

He added that other apps with similar features, such as one offered by computer security firm G Data, remain on the App Store, presumably because they’re less visible. In another Twitter post he described Apple’s security model with an image of a monkey holding its hands over its eyes.

‘Inaccurate information’

Apple didn’t respond to a request for comment, but the company told Esser the app was removed because it was likely to report inaccurate information.

“There is no publicly available infrastructure to support iOS diagnostic analysis,” Apple said in comments posted by Esser. “Therefore your app may report inaccurate information which could mislead or confuse your users.”

Apple also cited the fact that the app’s name was similar to that of other software, and said its way of accessing iOS processes raised privacy concerns.

Esser said the fact that his app was able to access and list all the processes running on the device highlighted a potential privacy weakness that Apple may not have wanted attention drawn to. He said other diagnostic apps access processes in a similar way, but they don’t have the high profile that had been gained by System and Security Info.

“Apple has fixed iOS 9.3.2 Apple style: remove the app that can show you didn’t fix the privacy problem so no one can see it,” he wrote on Twitter.

Apple’s methods questioned

Esser is known for his harsh criticism of the way Apple handles security, last year taking the company to task for failing to adequately protect Mac OS X users from a bug that was later exploited by a dangerous worm.

At the time Esser called Apple’s actions “irresponsible”.

Other computer security researchers have also criticised Apple for focusing its efforts more on providing an impression of security rather than actually attending to problems.

Apple has notably mounted high-profile resistance to government efforts in the US and the UK that it claims would weaken the encryption used in mobile devices and make them less secure.

Are you a security pro? Try our quiz!