Many people think of viruses and malware as belonging exclusively to the PC. Even on the desktop side, it is mainly Windows which has problems, and Apple’s computers are regarded as safe. However, as mobile devices get more and more powerful, and become more and more common, security becomes much more of a worry for them. Back when mobile phones did little else than make calls, there wasn’t much use in trying to hack into them. However now most phones have internet access, which means that users are accessing email, banking, social networks, and sending and storing other data that hackers want. Also, complete internet access means that it is easier to get malware onto the phone.
Even with the increased value of hacking into mobile devices, the iPad still runs Apple software, so it is widely regarded as safe. Understanding why it might not be as safe as we think requires knowing a bit about why Apple’s desktop software isn’t so secure. Apple’s OS X isn’t actually any safer than Windows 7. In fact, some security companies have estimated that is has more security vulnerabilities than Windows. There are a couple of reasons why Apple software is not exploited nearly as much as Windows. For one thing, Apple has about 5% market share compared to Window’s 95%. This makes it much more efficient for hackers to write malware for Windows. Also, Apple has better update software than Windows, and Apple users are generally willing to spend more money to get nicer, updated devices, so it is uncommon to find outdated Apple software. Security flaws simply exist in any software, and keeping it secure is all a matter of keeping it updated. Running an updated Windows machine makes you significantly more secure.
So Apple’s desktop security advantage is simply something called “security for obscurity” – they are too obscure for anyone to bother hacking them. On the mobile device side, however, Apple has a much larger market share. Considering that the iPad, iPhone, and iPod Touch all run the same software, there are hundreds of millions of devices that can be targeted with a single iOS malware. This means that iPads are a significant hacker target.
Apple has an advantage in that they keep the App Store censored, by reviewing all apps before they are released. Generally, this allows them to block malicious applications form getting through. Unfortunately, they do not actually go through the entire source code of an application – they just test it to make sure it works, and that it has a legitimate use. In July 2010, an App was pulled from the store after it was discovered that the “Handy Light” flashlight app actually had a hidden tethering feature (<a href=”http://www.wired.com/gadgetlab/2010/07/apple-approves-pulls-flashlight-app-with-hidden-tethering-mode/” target=”_blank”>source</a>). This feature was hidden and not detected by the App store testers. In this case, it wasn’t a malicious app – in fact, it added functionality to the iPhone. However, this was also proof-of-concept that apps with hidden features can make it through the app store. This means that a hacker could easily write a seemingly innocent app, like a flashlight app, or a fart app, and hide bad software in it.
It’s also worth mentioning that jailbroken iPads have a whole other set of security issues, because they can allow third-party, untested apps to run. In fact, jailbreaking has to take advantage of security vulnerabilities to even work. So users of jailbroken iPads should take extra caution.
As of right now, there isn’t much of this going on, and the App store is still safe. However, it is entirely possible that a malicious app could sneak through into the App store. So what does this all mean for an iPad user? All that is means is that, just like with a desktop computer, you should not blindly trust unknown apps or websites with personal information, and that you should use some basic discretion when running a new app. You don’t need to be overly worried, as the iPad is still a pretty safe device, but just use a judicious amount of caution.