I'm not sure if anyone ever reads these posts (Save for spambots and the search hits for wanting to break into Fords. Seriously) but there's been a sizable gap of posts. And honestly, I started writing Bit Rot back in February. Since then, there's been the iPhone release, and just this morning, Daring Fireball linked to Charlie Miller owning (in both senses of the word!) a MacBook Air. He also was able to already find exploits for the iPhone.
So why do I mention this? Well, in many ways, the iPhone is going to be a whole new data point. Since it's so popular, the argument of market share is going to be removed. And the user base is going to be so diverse as to make PEBKAC a real threat. So how is Apple going to ensure security on the iPhone? 100% unbreakable software is like magic pixie dust. You can get close to it, and it definitely shows up in advertisements, but it's not really feasible. And, for better or for worse, Apple keeps its cards really close to its chest. Perhaps for the better, because otherwise armchair iCEOing would be much less fun.
Pay no attention to the computer behind the phone!
Back in MWSF 2007, in an interview, about 1 minute 40 seconds in, Phil Schiller was careful to stress that the iPhone is not a computer.And a lot of the limitations mentioned on the Rogue Amoeba illustrate the discrepancy. Phones typically don't have external installers, multitasking, and full access. Computers do. And while I can sympathize with the demand for this opening up (I don't own an iPhone- I've got a Sidekick II because of its telnet and SSH support), I can see why Apple did it this way.
Apple's solution appears to be to combat bit rot, on a couple of fronts. By acting as guardians of the phone, both in terms of what the apps can do and how the users can get the apps on the phone, Apple is getting users accustomed to treating Apple as an authority, of what apps are safe and which aren't. Furthermore, by restricting the data flow in this way, reinstalls are relatively painless. When a computer performs a software update, it has to take the pre-existing software into consideration. But if iTunes already knows the settings your phone has, the user files, the applications, and the OS, what part of a reinstall must the user do by hand?
So, here we stand with the iPhone. What market share protection the Mac has, the iPhone won't. The user issues that plague the windows world will affect the iPhone. And we know that antivirus software is limited in removing infections. So Apple is pushing for the iPhone to not be considered a computer, so that they can make an environment hostile to malware.
By requiring that all apps be installed by the store, Apple can serve as a guardian, reducing rogue sites from offering up trojans. By dictating the parts of the API the program can and can't use, Apple has a very rough filter that will make it harder for malware to slip through the approval process. By requiring all apps to be signed, Apple can shut down malware authors from the store, by knowing who made the code. By insisting that the phone be responsive, Apple can reduce bit rot.
And, most importantly, if and when the malware's made it onto the phone, the user can use iTunes to nuke it from orbit, restoring all the approved files and applications.
It's the only way to be sure.
