On the iOS AppStore and Windows Spyware

Earlier I tweeted that I thought there was a connection between the iOS AppStore and the plethora of spyware, adware, and other garbage readily distributed through popular software aggregation sites like download.com.

I had just read HowToGeek’s excellent exposé on the effects of installing the most popular programs on download.com. There was a time (long ago) when I would recommend download.com as a safe place to get useful software like ccleaner. But the site has been steadily in decline: in addition to noxious and tricky advertisements, most of the programs, even my beloved ccleaner, have started bundling garbage as part of the install process.

There are two things about Apple’s ecosystem that I think train users that sites like download.com are safe and efficient sources of software.

iOS apps are sandboxed

On iOS, each app runs in a sandboxed environment. There are very limited extension points for apps to communicate and modify global settings. An app can’t read the settings or memory of other running processes. Malicious apps can’t spy on user activity when they’re not running in the foreground.

Furthermore, apps need the user’s explicit permission to read the user’s photos, contacts, location, or other private information.

Non-technical users are not aware that these security policies do not apply in Windows environments. Given that most users run as administrator (or simply accept every UAC prompt that appears), it’s easy for software to modify and inspect any area of the computer’s memory or storage.

Software review

Apps for iOS go through at least a cursory review process. Apple has a large list of guidelines and rules for inclusion in its AppStore. While often inconsistently applied and enforced, the rules communicate to end-users that the apps in the store have been reviewed for meeting basic quality and security standards. Users feel that any app in the store is safe: after all, it’s been reviewed by a qualified technician at Apple.

While the security of iOS is more related to the sandboxing than the AppStore review process, end-users are taught that curated lists of software are expected to meet those quality and security standards. Why else would they be included? But this review process is clearly not a part of including programs on download.com, despite whatever their advertising copy may claim.

The Future for Windows Users

Microsoft, for its part, has been trying to address this through its own store. Windows 8 includes an app store that distributes sandboxed apps that could provide the same security and quality standards as Apple’s. But with the desktop environment that still exists in Windows 8, users will always be able to install software directly from the Web. Without a gatekeeper, the wolves will still get into the pen.

Then again, the open nature of Windows allows for many compelling and useful applications that would never be possible in a locked-down environment like iOS. Security and freedom are often antithetical. Sometimes the solution has more to do with people than technology: users need to be informed and educated on how to keep themselves safe.