Apple ID Password Request From iOS App Raises Security Questions
Apple’s (NASDAQ:AAPL) so-called “walled garden” ecosystem ensures that every iOS app is carefully vetted by Apple before it is allowed to be sold. As a result, Apple’s iOS platform is relatively free from malware. According to Cisco’s (NASDAQ:CSCO) recently released annual security report, 99 percent of all mobile malware in 2013 targeted Google’s (NASDAQ:GOOG) Android operating system.
However, this doesn’t mean that Apple’s devices are immune to security breaches. As noted in Cisco’s report, the maturation of mobile platforms and the growing use of mobile apps have increased all users’ vulnerability to malware attacks. “Many users download mobile apps regularly without any thought of security,” said the authors of Cisco’s report.
When it comes to mobile security, even Apple’s ecosystem is vulnerable if users carelessly hand over security information to third-party apps. As recently discovered by technology blogger Marco Arment, even apps from Apple’s App Store will occasionally try to get users to divulge security information that could potentially be used to hack a user’s device.
Arment noted that the Sunrise Calendar app for the iPhone requests a user’s Apple ID and password as part of the setup process. Sunrise claims that the Apple ID information is not stored and is only used for obtaining a “login token” from the user’s iCloud account. Although Sunrise’s claim may be true, Arment noted that this is a dangerous precedent for Apple users, since an Apple ID and password can allow a malicious attacker to wreak havoc with multiple connected devices.