Well let’s go back to basics. Apple’s iOS framework is built around the idea of “sandboxing”. Each application (app) literally lives in its own fenced off little box, where it is unable to communicate with any of the other apps on the device, which are all in their own little boxes. Inside each of these ‘sandboxes’ each app is able to have all the fun it likes, completely unable to affect other apps (literally like children playing in separate sandboxes unable to hurt each other). Very limited lines of communication exist between each app and the operating system, so applications are unable to control or access many core parts of the phone (unlike Android for example where apps have much more freedom to do things like send SMS). In addition to this, Apple reviewers inspect every new application that is submitted to its appstore to look for malicious behavior, and Apple only allows users to download apps from its own store. These are the general arguments that run behind the idea that iOS is “safe.”
This structure Apple has put in place has certainly limited the impact of malicious applications so far on iOS, but it has certainly not eradicated it. Any operating system is capable of getting attacked by malware. Those “sandboxed” applications still have direct access to the operating system, creating a number of potential vulnerabilities, especially for those users running older versions of the OS containing unpatched bugs. Security researchers famously evaded Apple’s reviewers in 2013 and sneaked malware into the store using a ‘Jekyll & Hyde’ approach, where the behaviour of a benign app was remotely changed after it had been approved and installed. It appeared to be a harmless app that Apple reviewers accepted into the iOS app store. Reseacher’s were later able to update the app to carry out a variety of malicious actions without triggering any security alarms. Before this malware was discovered, our friends at Kaspersky Security had also noticed another malicious app on iOS known as “Find and call”, which leaked user data in plain text via http, (which is like taking a shower with the window open and the blinds up).
And just one month ago in late May 2014, we saw the first mass ransomware occurring on iOS, with thousands of users locked out of their phones until they paid a ransom demanded by someone called “Oleg Pliss” who demanded $100 to unlock the device.
The Avira app is an app just like the others on iOS and due to sandboxing it can not directly scan the apps in the other sandboxes as it can not access them. However, importantly, every time an app is opened it executes a process, which identifies it to the operating system. The Avira app’s malicious process scanner can see all the current running processes on the device which is information supplied directly by the OS (every app has it’s own unique identifiable processes). From that information Avira can tell if there is a malicious application open on your device by comparing it with our malicious process dictionary, as the application’s running processes identify it.
As well as the malicious process scanner, the Avira app “Find my Phone” feature will help you locate any of your of your family’s iOS or Android devices, and the “Identity Safeguard” feature will also let you know if your personal details have been caught up in any security breaches that could lead to your identity being stolen and you defrauded.
One last thing. The new version of iOS, known as iOS 8 arrives in the fall, which (amongst thousands of new changes to the OS which are yet to be fully tested by developers), brings a new feature known as “extensibility”. This is the ability for applications to start reaching outside of their sandboxes and talking to each other using so-called “extensions” to reach across. Sandboxes won’t be such lonely places after all! iOS is evolving, and so are the threats. Avira iOS mobile security will be there to keep you safe!
This post is also available in: German