I did promise that you’d hear more of this…
Kevin Townsend returns to the theme in Infosecurity Magazine: iOS 5.5.1 jailbreak done; iOS 6 jailbreak pending. He asked several people associated with the AV industry (Luis Corrons of Panda, Graham Cluley of Sophos, and myself) about the implications of Apple’s refusal to allow AV vendors the ability to provide a full AV app for iOS – by full, I mean able to do on-access/realtime scanning, primarily. It’s certainly worth reading what the other guys had to say about it, and Kevin also quoted me at some length, both in the latest article referenced above and in the earlier one here. However, I’d like to reiterate and expand on those thoughts here.
To a large extent, Apple’s ability to decide which software you can install is its security, because it means Apple can, in theory, block any software that breaks its rules about what an application is allowed to do, and those rules protect Apple’s more technical defence mechanisms. Up to now, that has blocked malware almost as effectively as it has AV: out-and-out malware is almost totally reliant on jailbreaking.
I don’t see the mainstream AV industry initiating jailbreaking in order to install full-strength AV in the way some forensics software does in order to facilitate forensic analysis. Apart from the absolute certainty of alienating a company which does actually cooperate with the security industry some of the time, in a behind-the-scenes sort of way, I would expect to see Apple working to block any such jailbreaking so as to break the installation. That would lead to a war of attrition which would not benefit the customer, or Apple, or the companies involved. And it would squarely move the responsibility for consumer safety from Apple to the AV company, and that wouldn’t fly. Apple’s filtering stops a lot of stuff preemptively that AV would have to catch reactively (which is presumably why Apple seem to be favouring an approach on OS X that is as close as they can achieve to a similarly – but less – preemptive model). As the threatscape is right now, that would leave AV users more exposed to new malware relying on jailbreaking. And while security software on a jailbroken system might offer better protection from the social-engineering/non-technical threats (some forms of phishing, for example) than an unbroken iGadget, it would raise serious pragmatic and ethical objections.
An AV company might offer protection for devices that were already jailbroken, and in that case you could argue that partial protection is better than none. However, it would still seem ethically dubious to encourage users to break their contract with Apple. More pragmatically, would they risk the Apples of Wrath (especially if they had products for unbroken iOS and/or OS X)?
If Apple’s view of jailbreaking softened, for instance in response to anti-monopolistic pressure in the US, that could make a big difference. But then, in that case, the company might also be more inclined to cooperate at an iOS system/app developer level with security companies, so it might become moot. Right now, though, it seems likelier that Apple will try to become more restrictive even on OS X, with respect to what AV developers are allowed to do. And in its own jungle, Apple is a fairly heavy gorilla.
By the way, when Kevin refers to me as an Apple researcher, he means that I’m an independent researcher into Apple security, not that I’ve changed jobs – I do work with an AV vendor, but not on Apple-related issues.
Frankly, I think it’s very unlikely that Apple would ever offer me as much as a washing-up job in the staff canteen at Cupertino.
David Harley CITP FBCS CISSP