Apple Adds HTTPS Encryption to App Store
Update comes almost a year after researcher reported several security vulnerabilities
Apple (NASDAQ:AAPL) has added security encryption to its App Store, almost a year after a Google (NASDAQ:GOOG) researcher brought a vulnerability to the company’s attention that allowed users to make unauthorized purchases.
Researcher Elie Bursztein revealed on his blog that he had alerted Apple of numerous security issues last July but that Apple had only turned on HTTPS for the App Store last week. HTTPS is a more secure version of the HTTP standard and is commonly used in commerce and banking.
“While the Apple App Store is a native iOS app, most of its active content, including app pages and the update page, is dynamically rendered from server data. The server data is mostly standard Web data (HTML/Javascript/CSS) with custom extensions/keywords,” explained Bursztein. A user only needs to be accessing a shared network such as public Wi-Fi for a malicious party to steal their password, force the user to purchase a different app or upgrade or unknowingly grab sensitive information.
For example, a user attempting to purchase or update an app could become the victim of a man-in-the-middle attack. Without an HTTPS in place, the attacker could swap out the item the user was attempting to purchase and replace it with their own overpriced or malicious app.
Apple first implemented this change for the Chinese version of the App Store late last year. In its list of security updates Apple thanked Bursztein as well as Bernhard Brehm of Recurity Labs and Rahul Iyer of Bejoi.
Apple did not immediately respond to comment on the update.
Earlier this week Apple Senior President of Worldwide Marketing Phil Schiller took a swing at Google’s mobile security, after a study revealed that almost 80 percent of mobile malware threats in 2012 targeted Android devices.
Related Items
Google didn't announce the latest version of Android at I/O, their annual developer conference, leaving our devices feeling sad and unloved. Android 4.3 may still be on the way soon, but for now, here's what we wish they announced—and how you can get many of these fe... Read More
When it comes to mobile gaming, the vast majority of gamers aren’t choosing a dedicated mobile gaming console, they are using smartphones and tablets. It’s also no surprise when you step back and consider that the Android ecosystem is by far large the most popular... Read More
(Reuters) - Overtaking Apple Inc as the world's leading maker of smartphones has stretched Samsung Electronics Co's in-house supply lines, and the South Korean firm is now courting some of its rival's main parts suppliers. After costly courtroom battles over techno... Read More
(Reuters) - Apple Inc CEO Tim Cook will propose tax changes that would encourage firms to bring home more of their offshore funds when he faces congressional queries next Tuesday over his company's overseas cash holdings and tax bills, the Washington Post reported. ... Read More
