This morning I was having a lighthearted conversation about all the iPhone features developers have been able to harness and add to their apps. The back and forth was telling. We can now use Google Maps to tell us where you are. We can use Core Telephony to send out SMS messages. We can read your contacts database and look through your phone history. We can grab your microphone and listen to what you're saying and use your camera to shoot pictures without you even knowing and...
Holy freaking cow.
And then I thought for a second and concluded: "...it's exactly like programming for a Mac".
Security concerns are not unique to the iPhone, and its full-featured capabilities are nothing new for computing. What makes the iPhone seem different is that it fits in your pocket. Mobile WinCE never did all this stuff.
So it's up to developers to program responsibly. Just like Macs. Just like Windows. Just like Linux.
Reader Comments (Page 1 of 1)
2-11-2008 @ 5:09PM
koko76 said...
We're just discovering that there *might* be some security concerns with a device that fits in your pocket, has all your personal info on it, and can wirelessly communicate with anyone in the world, with the ability to charge you money for it? Abraca-duh.
Seriously, what is mysterious about this? It's a wonder to me that so many people decide to blindly hack and add whatever third party apps to their devices without taking the time to think what info they might be exposing and to whom.
2-11-2008 @ 11:47PM
starkruzr said...
The benefits outweigh the risks for those of us who choose to do so.
That said, you have cited the reason I use mostly open-source software on my iPhone.
2-11-2008 @ 5:13PM
arf said...
What? And put us security guys out of work? Naw, let history repeat itself.
2-11-2008 @ 5:16PM
boB Rudis said...
Yeah. It's humorous that folks will expose then exploit security holes to "break" the iPhone to only then be concerned about the security implications of running third-party code on the device and secure development practices for the device.
I'll be glad when the SDK comes out, even if I have to pay to develop for the platform and pay for the apps. We stand at least a small chance of these hacks continuing to do a disservice to the Apple community.
2-11-2008 @ 5:36PM
punkassjim said...
Good to know you (and your developer friends) are thinking about these issues, Erica, but I gotta say...writing a post like this, so far into the game, kinda leads me to believe that this is the first you're thinking of it. Which kinda makes me briefly consider turning in my Installer.app. It's just that scary.
Most of the desktop world seems to be perfectly happy saddling their computers with anti-virus and anti-spyware software...but I'd kinda like that to never be the case on the iPhone. I'll admit I love my jailbroken phone, but I'm dying for an Apple-branded security-signed app installation process.
2-11-2008 @ 5:39PM
Sabon said...
This is only on iPhones that have been unlocked, right?
2-11-2008 @ 6:05PM
mentalsticks said...
@sabon: There's nothing new, nothing different than yesterday. Every computer has security holes, so the iPhone does, too, but there's nothing acute going on whatsoever. It's just a brainwave kind of post.
2-11-2008 @ 5:54PM
potato said...
Erica: How do you place calls and look through the address book from API? I can't class dump AddressBook.framework for some reason. Any pointers?
2-11-2008 @ 6:30PM
thethirdmoose said...
0x3495AB9234
0x893FF32CD3
0xGD8B293823
2-11-2008 @ 6:10PM
Rob said...
In my view, BOTH the iPhone and Mac OS X are INSECURE. The Safari web browser has so many holes, it looks like Swiss cheese. One of the holes was so bad that you could jailbreak your iPhone just by visiting a web site. Think about it for a minute. Just by visiting a web site, someone could install software on your phone. (Since the security flaw affected the Mac, the same thing could happen if you surfed to a malicious web site. You could get infected with Spyware etc).
Yes, that flaw was patched in iPhone 1.1.3 but there are some new flaws that have NOT yet been patched in 1.1.3 (or the latest version of Tiger or Leopard).
One of the reasons that Macs and iPhones have not been infected with Spyware etc is that it still is not that worthwhile for most spyware developers. There is more bang for the buck in developing spyware, trojans etc for Windows.
But I think that will change with the popularity of the iPhone and the increased market share for the Mac.
Remember, despite what Apple says, there is valuable info on your iPhone. Account Names and Passwords, Contact names and Emails etc. A spammer's dream.
2-11-2008 @ 6:29PM
airmanchairman said...
Yeah, right, Mam'selle Sadun.
Lock the barn door after the horse has bolted...
Medicine after Death.
Etc.
Failing to plan in advance is no different from planning to fail in advance.
2-11-2008 @ 8:53PM
Lonewolf said...
"Mobile WinCE never did all this stuff." What, precisely, are you contending that Windows Mobile doesn't do?
Web browser?
You can use the included Pocket IE, or your choice of at least 7 alternatives that you can install (legally, without any jailbreaking or warranty violations).
E-mail?
Yep, Outlook's in there, and it supports POP and IMAP (works great w/ Gmail, and exactly the same protocol used by the iPhone "update"), as well as Exchange Server with Push delivery.
Address Book?
Contacts is there, and offers better integration with directory services than the iPoS.
Music and Video?
WMP is there, and there are 3rd-party alternatives (TCPMP, anyone?) that support additional CODECs. YouTube works, too.
SMS?
Yeah, been there, done that, but without the cheesy chat bubbles -- oh, and I can send MMS, not just SMS.
Google Maps?
All the Jan '08 features have been there for a while, but I can also use GPS to get actual location information.
Clock and Calendar?
Yep, there.
Stocks and Weather?
I don't have to hide the fact that I'm using a web service, but if I want to I can actually put the data, and not just the icon on my Today screen.
3rd-party Software? Self-Developed Software? Documented API?
Oh, wait, the iPhone still doesn't have a timeline for when this will be supported. But, I'm sure that crappy AJAX "apps" are good enough -- especially compared to things like my SSH client that supports tunnels, actual GPS Nav app, universal IM client, FTP client, and other network tools. Of course, I also have the ability to develop and install whatever I like.
Word editor, Excel editor, PDF viewer, and PPT viewer?
Let's see you do any of that on your iPhone. Out of the box on all Windows Mobile Devices (ok, PDF is oob on most).
2-12-2008 @ 12:53AM
starkruzr said...
What ssh client are you using? This is a serious question. How much money did you pay for your IM client? This is also a serious question. There are *NO* free IM solutions for WinMo other than the craptacular UK PocketPC AIM from years ago.
There is also no ability on WinMo devices to port most commandline UNIX software, because more than 8 years into development there is still no console that actually works on WinMo. We have all of it on our iPhones.
Also, WinMo's performance is absolute garbage. And its UI is still designed for pens rather than fingers.
I wish all of this wasn't true, but it is, and that's sad.
2-11-2008 @ 9:29PM
mike c said...
I wonder if that's why Flash wasn't on the iPhone in the first place?
Every once in a while I go to the web-based Flash Settings Manager and check to see if the settings haven't been changed to allow a website to activate my camera and microphone.... or add a buncha stuff i.e. "memory usage allowed." In fact I just checked it and there are a ton of websites that have my settings stored on my computer (which I just deleted). Probably all harmless. Probably.
2-12-2008 @ 9:30AM
DWizzy said...
How is this exactly 'new', or not possible with Windows Mobile? It has been done for years; even a 1998 Siemens phone could be hacked with a custom firmware that made it silently accept calls from a pre-configured number.