The iPhone is nine years old – and still no significant malware outbreaks
Apple started selling the Apple iPhone nine years ago today.
Here is what Apple’s press release had to say:
iPhone introduces an entirely new user interface based on a revolutionary multi-touch display and pioneering new software that allows users to control iPhone with just a tap, flick or pinch of their fingers. iPhone combines three products into one small and lightweight handheld device – a revolutionary mobile phone, a widescreen iPod, and the Internet in your pocket with best-ever applications on a mobile phone for email, web browsing and maps. iPhone ushers in an era of software power and sophistication never before seen in a mobile device, which completely redefines what users can do on their mobile phones.
Apple was right to describe the iPhone as revolutionary. It changed the world.
But what I find particularly remarkable is that despite Apple selling such a popular mobile computing device for nine years, there has still been no major outbreak of malware on the platform.
The attacks we have seen on iOS have either been against vulnerable jailbroken iPhones (a state which Apple has made harder to achieve with successive generations of the iOS operating system) or through sophisticated targeted attacks such as exploiting enterprise provisioning features, or infecting iOS devices through Mac OS X via a USB cable.
The fact that hackers had to go to the effort of publishing a tampered version of Apple’s XCode library on third-party sites in the hope that iOS developers would download and use it to compile their code is testament to just how hard criminals have found it to sneak malware into the official App Store.
These factors have meant that if your iPhone ever gets infected by malware at all, there’s a good chance that a state-sponsored attacker is responsible.
So, happy birthday iPhone. Yes, you have had your fair share of vulnerabilities, lock screen bypasses and poorly-coded third-party apps… but you have done a remarkable job of fending off major malware attacks.
A learning lesson: This is how things can turn out if you design for security & privacy from the start. Android is more of a "we add security in the end of the project"-type of product.