Submitted by Bob Bhatnagar on
Users with jailbroken iPhones are not the only ones that need to worry about security threats. According to iPhone developer Nicolas Seriot personal data on all iPhones is easily accessible with standard Application Programming Interfaces (APIs).
Malicious code could easily be sneaked into the AppStore past Apple's reviewers. SpyPhone, a proof-of-concept application, shows that personal data such as Contacts can be easily compromised.
The app quietly records personal data in the background, then sends information to a central server via email. Hiding malicious code from Apple is relatively easy if the privacy violating aspects of the software are delayed or private data is sent encrypted when stolen.
GPS locations, web browsing history and Contacts are just a few of the items that can be easily accessed with standard developer API code. Apple does screen for malicious code, however with the extreme volume of apps they encounter daily Seriot does not think it would be difficult for an app to hide its spyware capabilities.
Seriot suggests that apps should ask permission before using the Contacts, or that all iPhones would be better off with a firewall.