Why I avoid iOS piracy

As an app developer, saying "I am not a huge fan of piracy" is an understatement. Apple has created a platform on which the cost of software has dropped dramatically, to the point where you can buy the entire top-fifty App Store list for little more than it would cost you to buy a single console game. Thus, when people spend hundreds of dollars on a device (and, often, hundreds more on accessories) and then feel compelled to pirate 99-cent apps, I must admit that I'm more befuddled than angry.

Alas, there will never be a shortage of arguments against--and in favor of--piracy. Pundits will continue to point out that it's illegal and immoral, and proponents will continue to herald it as a form of populist protest against powerful and arrogant copyright lobbies.

Inevitably, then, discussions around this topic are rarely fruitful, since matters of morality have a way of being colored by each person's own bias, and the legal implications of piracy are, on the whole, fairly modest for the average user. Personally, I find the practical consequences of installing pirated software much scarier than the prospect of being sued or prosecuted for copyright infringement.

The danger zone

One consequence of our increasing use of--and reliance on--iPhones and iPads and the like is that those mobile devices tend to contain an increasing amount of highly sensitive information about us. Like my Macs, both my iPhone and iPad are laden with all sorts of passwords, account numbers, banking information, and just about everything that an ill-intentioned person needs to completely ruin my life. The same applies to the devices that belong to most of my friends and other adult members of my family.

However, mobile devices can be much more dangerous than their desktop computer cousins. It's definitely possible that someone will break into my house and steal my Mac, but it seems likely that I will, one day, leave my iPhone on a train, or that someone with sticky fingers will bump into me in the street and relieve me of its presence.

Closed but safe

Apple has long known this, and the folks from Cupertino have worked hard to make sure that iOS is as safe a platform as possible. Thus, for example, If I should be suddenly separated from one of my devices, I would have the option of using Find My Phone to recover it--or, at the very least, to remotely wipe it before the bad guys could wreak too much havoc.

But physical security is only half of the solution: The other half comes in the form of Apple's closed software ecosystem, which only allows users to install Apple-approved software, and uses a technique called "sandboxing" to prevent apps from interfering with one another by accessing memory and data that doesn't belong to them.

There are all sorts of downsides to this approach, not the least of which is that Apple has maintained a tight grip over which apps make it on the App Store--sometimes with questionable results. However, there is also a major upside: iOS remains relatively safe from the installation of malicious software. I can let games and banking apps coexist with the knowledge that one won't play hokey-pokey with the other and surreptitiously help someone in a non-extradition country steal all my money. (Or, almost as bad, my high scores.)

Once you let pirated software on a device, however, this protection is largely compromised. Nothing prevents an ill-intentioned hacker from distributing a pirated version of, say, a popular password-management software that has been rigged to capture every keystroke and transmit it across the Internet to a remote server, where someone who just can't wait to ruin your life is standing by. Most significantly, this could be done in such a way that even the savviest of users wouldn't be able to tell without some in-depth analysis.

Making a run for it

What about jailbreaking? Jailbreaking is neither immoral nor, in most jurisdictions, illegal. And for good reason: It allows well-intentioned developers to explore the ins-and-outs of iOS, learning more about the way the operating system works and expanding its capabilities beyond what Apple mandates.

However, jailbreaking also eliminates the portion of iOS that prevents apps from peeking into each other's sandboxes. If used conscientiously, this is not necessarily a problem: Reputable developers of jailbroken apps are no more likely to try and steal your data than any honest software maker listed on the official App Store. On the other hand, pirated software or other maliciously-crafted apps that are allowed on a jailbroken device could install viruses that happily scour your information for juicy bits about your personal life, delivering them into the hands of the wrong person.

It's a scary thought, and this nightmare scenario is far from tin-foil-hat fear mongering: Windows users have had to contend with this kind of problem for years, often brought on by the installation of Trojan horses attached to pirated software. If there's just one reason to keep everyone away from pirating those one-dollar apps, this is it. And if the moral and legal implications provide extra fodder for your keeping your iPhone free of such software, so much the better.

Join the CSO newsletter!

Error: Please check your email address.

Tags AppletelecommunicationapplicationsiossecurityMobile OSesmobilesecurity software

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Marco Tabini

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place