Apple's AppStore moves the burden of security management from the user to the vendor. Apple semi-automatically verifies each of the 200.000 applications and their updates. Moreover, when an application is downloaded on the iPhone, a sandboxing mechanism is supposed to prevent it from reading other applications' data. We showed at Black Hat DC 2010 that such a schema did not prevent malware from reaching the App Store and harvesting personal data. This talk will discuss the current state of iOS 4 privacy and show to what extent iOS 4 fixes the issues raised earlier this year. We will also present some findings about another possible frauds happening inside the App Store eco-system such as "App Farms", which basically consists in artificially boosting applications ratings with stolen accounts.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.