Oh, Crap: Apple is Pulling Antivirus Apps from iTunes App Store

With no warning or explanation, Apple has started pulling antivirus apps from its app store. 9to5Mac noticed today that "Apple has seemingly decided to crack down on antivirus and antimalware apps".

I don't use my iPad enough to be able to tell whether any antivirus apps are no longer available, but the cull was confirmed by Intego, makers of Virus Barrier. That developer announced on its blog that Apple has decided that the entire category of anti-virus and anti-malware apps was no longer required.

This unfortunately means that Apple is not targeting a handful of apps for violation of some vague rule, but has instead decided to put all its customers at risk of attack - including the cautious, the prudent, and the paranoid.

Yes, I know that it's widely believed that Apple devices can't get viruses. This is by no means true, but it looks like Apple has become convinced of its invincibility.

That, or Apple doesn't care that someone used a virus to target iDevices last year during the pro-democracy protests in Hong Kong, or that earlier in the year ad click stealing malware was discovered on jailbroken iPhones.

While you might feel that anyone who jailbreaks their iPhone sets themselves up for trouble, the same cannot be said for victims of Wirelurker. Identified late last year, this malware can pass from an infected Mac to infect an iDevice when you sync over USB.

So you think you don't need an antivirus on your iDevice? I wouldn't be so sure.

And if you're not scared yet, let me add that those are just the first 3 incidents which I found after a few minutes of Googling; I'm sure there are more. In fact, now that Apple has stripped away the defenses, I would guarantee that we're going to read more stories of malware, hacking, and viruses infecting iPhones.

P.S. Does anyone else appreciate the irony of Apple using the first line of defense (strict control of the iTunes app store) to make iDevice users less safe?

About Nate Hoffelder (11581 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

16 Comments on Oh, Crap: Apple is Pulling Antivirus Apps from iTunes App Store

  1. If this is true and it stands, it’s hilarious and dangerous.
    It could also mean that they bought some antivirus software and they’ll push that going forward.

  2. This also means that Apple may have a legal liability if anyone’s Apple device gets a virus.

  3. Weird. I just checked the App Store and there are plenty of antivirus apps there. Like all the McAfee ones.

  4. Non jail broken phones running App Store downloaded apps only are running only apps that are sandboxed from each other, so how would a virus scanner protect you? Only vector for shared data is through clipboard (user initiated cut and paste of text or graphical data) or through iCloud Drive, but again apps are restricted from running interpreted code, so you can’t run a browser with its own JavaScript engine, or ship Excel with VBA support, etc.

    I don’t see how anti virus apps ever served any purpose in the App Store. If you jail break, I suppose you can source an app from the same non apple sites that those apps come from.

    • I think this is something people don’t understand. For AntiVirus to work it has to “interfere” with the operating system and get its fingers into all of the OS’s inner workings so it can detect and intercept the virus’s activities. If your AntiVirus is running in a sandbox with carefully locked down access to the OS, it basically can’t function as an antivirus program. Which means that any app that doesn’t break the sandbox and still claims it can protect you from viruses is lying. Which is probably why Apple is removing anything that makes the claim.

      • In that case the sandboxing of all the apps actually increased risk rather than increasing security. Because you can get malicious apps.

        • Sandboxing is pretty much universally NOT regarded as “less secure”, I don’t know where that idea would even come from.

          At the end of the day, there’s several reasons why virus scanning makes no sense from an end user perspective:

          1) A virus scan app cannot scan other apps on the system.

          2) A virus scan app is close to useless in scanning attachments in email to make sure you don’t pass along a virus, because that virus scanner would have to become the email sender, or at least a pass thru (i.e.: write a document in Pages, share it to the virus scanner, which then in turn shares it to Mail.app). Who would do such a thing? Just stick a virus scanner on your Mac and PC.

          3) Apple reviews apps with humans, and runs virus/malware software against submitted apps.

          4) Apps cannot run interpreted code. IE: You can’t have a Javascript engine, you can’t run MAME, you can’t have a Java runtime, so the only exploits that can run code would be against Apple provided APIs. Those are both well checked, and well locked down. For example, Apple’s Nitro engine was until very recently restricted to Safari, and was not available to apps using an inline webkit view. After several years of vetting and hardening, it’s now available to third parties, presumably because it’s deemed safe and not known to contain any exploits. If an exploit came out, unlike Android, it’s only available in this case to IOS 8, and every device out there running IOS 8 is patchable by Apple and not end of life.

          I know you don’t like Apple products, but insinuating that sandboxing makes you more vulnerable just doesn’t make sense.

          This is just a case of apps that were able to do next to nothing not really being needed, and the pros (users not seeing ads in useless apps or paying money for apps that serve no purpose) outweigh the cons (some checkbox where a vendor can say they support IOS for their anti-virus platform).

          So yes. If you get an email with a Word doc with a Macro virus in it, you cannot infect your iPhone, but you can forward it to a PC user. Same way you could via webmail.

          • >Apps cannot run interpreted code. IE: You can’t have a Javascript engine, you can’t run MAME, you can’t have a Java runtime

            Apple eased that restriction a while ago. You can embed a custom javascript engine, emulator engine, Java runtime, etc. so long as it only runs code shipped with your app. So, basically useless if you’re Google trying to put a proper Chrome together — they have to use Apple’s Javascript — but if you’re a company like Atari you can most certainly ship emulators running code from original game ROMs embedded in the app, with in-app purchases simply unlocking what’s already there. Java is fine if it only runs code shipped with the app.

            Every now and then it’ll come out that a developer snuck an unrestricted emulator in an app and Apple quickly pulled it once it was known, so that may be why people still think interpreted code isn’t allowed.

          • Just wanted to add, my previous reply wasn’t to contradict your assessment of sandboxed scanners being nearly useless, only to correct the bit about interpreted code.

        • While it is true that there are malicious apps, to see if the Sandbox/App Store system increases or decreases risk you need to compare it to something. So let’s compare desktop software to a phone app (all the main smart phone OSes use sandboxing combined with an app store so it doesn’t matter which one we pick). Let’s pick a typical user, let’s say your Aunt who likes Candy Crush style games.

          So on the desktop, your Aunt decides that she wants to get this Candy Crush clone game from some random page on the internet. She downloads the game and then runs the installer on the computer. The installer pops up the Admin popup which she approves. At that point the installer has full access to her desktop OS and can do whatever it wants including modify OS files. If you have a virus scanner installed, it does two things normally: when she downloads the installer the antivirus tries to unpack the installer in memory and check all of the files in it and also when it actually installs the antivirus tries to watch what the installer is doing and look for suspicious actions/files. The key point in the above is that the installer has full admin access to every part of the computer and the virus scanner is playing defensively.

          So to compare to the phone. Your Aunt goes into the app store for her phone and searches for the Candy Crush clone. For the clone to show up it has to have passed the App store’s antivirus/antimalware checking system plus whatever other checks they do. Since it passed it will show up and she can install it. Once it is installed she can run it but it will only have whatever limited permissions and access to the OS that are granted at install time and everything else will be locked down (sandboxed). For the app to break out of the sandbox and directly access/modify the OS it has to exploit a security vulnerability. If the security vulnerability is patched before you install the app (because the OS company found it or someone reported it), then the app can’t get out the sandbox.

          Antivirus on the desktop is a broken security model. It can only catch viruses that it can identify, which is at best about 80% of them (there are a lot out there and the list is constantly growing). Where with the sandboxed security model, the virus can only infect you if it uses an unpatched security vulnerability. The moment the vulnerability is fixed the virus becomes useless.

    • As I understand it, since none of these apps could actually look for or provide a barrier against iOS vulnerabilities, they instead scanned e-mail attachments, cloud storage, etc. for infected files which one might inadvertently pass on to a vulnerable desktop or laptop system.

  5. Only one iThing in this house and only because I need it for work. I don’t have enough fingers to count all the gadgets in this house and they’re all Android.

  6. Apple probably looked through the legit ones and ones that just pretended to scan … but yea, anti-virus is pretty pointless on macs and IOS devices. If you jailbreak – you’re on your own and yes, IN LABS, it is possible to possibly infect a mac or IOS device but only in labs – why? That USB device requires YOU to or someone you know with it to plug it directly into your device – how often do you go around plugging your device into unknown USB’s AND someone has to embed that malware on there. That’s like saying it is possible you could be honeypotted by a spy so don’t travel to Kyahzikstan with a briefcase that says CIA and don’t sleep with the super good looking woman (or man) you meet in a hotel bar.

  7. Because iOS sandboxes ALL apps, each of these so-called anti-virus programs are scams to one degree or another.

    Apps cannot scan any part of your iPhone or iPad except their own area. So the only thing they can do is tell you that they, the anti-virus app itself, doesn’t have a virus. They can PRETEND to scan your entire device, but they can’t actually scan it.

    Because iOS sandboxes all apps, it is nearly impossible to get a virus on a non-jailbroken iDevice. And literally, the only instance anyone has ever shown of a virus infecting a non-jail broken device required the owner of the iPhone to do a whole series of steps to intentionally install it (using the functions meant for installing beta software to test).

    This move by Apple does not make your iDevice less secure. But it does prevent uninformed people (such as the author of this post) from wasting money on an app that does nothing.
