Apple lets security researcher into App Store, then throws toys out of cot


Well known security researcher Charlie Miller has received mentions on Naked Security before.

For example, he presented research on the security (or otherwise) of the firmware built into Apple laptop batteries at this year’s Black Hat conference.

And in 2009, he openly promoted the concept of No More Free Bugs at CanSecWest.

He hasn’t stuck to his guns in respect of “no more free bugs”, though – he recently published an openly accessible YouTube video in which he shows, in his own words, how to break “the App Store [anti-malware] model using a flaw in the iOS code signing enforcement mechanism.”

Apple, which has been rather tardy in coming to the security party, wasn’t best pleased. The company threw out Miller’s proof-of-concept software, excommunicated him from the Apple developer programme and banned him from the App Store for at least a year, according to reports.

(The video didn’t have an entirely negative outcome for Miller. He’s now getting plenty of advance publicity for his research, which he’ll be presenting at SyScan ’11 in Taiwan next week.)

Incidentally, Miller’s program isn’t the only security-related software banned from the App Store.

You won’t find Sophos’s award-winning Macintosh anti-virus in the OS X App Store either. One of the reasons it’s excluded is because it makes use of a kernel driver. That’s the bit which slots into the operating system to provide not just malware detection, but malware prevention.

Without a kernel driver, there isn’t a reliable way to block access to dodgy files before they can do harm. On the other hand, malware can do its dirty work without a kernel driver, or even a password to give it administrative powers.

Ironic, isn’t it?

Malware can make it into the App Store, but a fit-for-purpose anti-malware program can’t.