How safe are Cydia apps?

Discussion in 'Jailbreaks and iOS Hacks' started by wrkactjob, Aug 10, 2010.

  1. wrkactjob macrumors 65816

    Joined:
    Feb 29, 2008
    Location:
    London
    #1
    Are apps in Cydia scanned for malware at all?

    What chance rogue code exists to steal your confidential/financial details?
     
  2. maturola macrumors 68040

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #2
    Well, Cydia is just a package manager (a front end for APT-get). Apps come from repos (short for repositories). What that means is that you can install an app from an unknown repo and get some really bad stuff, or you can install from a well-known repo and you will be safe. Now, as with anything else, once in a while some malicious developer can leak an undesired app to any repo (even the official App Store has posted undesired apps).

    Safety is in your hands, not on Cydia. Follow common sense rules.

    Do not install repos from people you don't know anything about.
    Always read, read, read, and then read even more about the app you are installing.
    Ask questions in the forum (and search before reporting) if you are in doubt.
    Never install anything unless you are sure what it does and how it works.
    Do not install stuff that you don't need (like any computer system, the iPhone can get trashed from running lots and lots of apps, and your experience may degrade).

    Good luck.
     
  3. hackthatphone macrumors 68000

    Joined:
    Jul 28, 2010
    #3
    Good question and the same could certainly be asked of the app store. Sure seem to be a few apps that pull the wool over their eyes and only after hacking sites discover their hidden features are they then pulled.

    Like there aren't data mining in app store apps that have had developers yanked from the app store, etc.
     
  4. wrkactjob thread starter macrumors 65816

    Joined:
    Feb 29, 2008
    Location:
    London
    #4
    "Never install anything unless you are sure what it does and how it works."


    Oh my! I do wonder how many people break open an app sourced from Cydia (or even the official Apple app store) and read through the code to see if there is anything tracking your info from credit cards, passwords to confidential information.

    People are savvy enough with PC technology to know a little about phishing and where not to click to get infected but I suspect too many people are shaking hands with apps they don't know.
     
  5. maturola macrumors 68040

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #5
    Maybe I said it wrong. It is not like checking the source code, but if you are concerned about security and safety (like me), the minimum you can do is to understand what technology the app is using, what protocols, what type of data it stores, etc. You can check the APT logs and see what dependencies were installed, etc. If I installed a flashlight app and all of a sudden I see that apt installed an SMTP server and a logger, it is a fishy app for sure.
     
  6. wrkactjob thread starter macrumors 65816

    Joined:
    Feb 29, 2008
    Location:
    London
    #6
    I really agree with you, but like who does that? Most people really haven't a clue and won't even understand what you have just written.

    http://www.bbc.co.uk/news/technology-10912376

    http://news.bbc.co.uk/1/hi/technology/8373739.stm
     
  7. maturola macrumors 68040

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #7
    As I originally said, safety is in the "users" hands, not on Cydia. If users are not willing to do a minimal check for that stuff, they should stay within Apple's jail and stay away from JBing. Or if they decided to still go for it and had a bad experience, don't blame the systems or the apps IMO.
     
  8. thelatinist macrumors 603

    Joined:
    Aug 15, 2009
    Location:
    Connecticut, USA
    #8
    I do. I never install anything from Cydia without reviewing the dependencies and investigating them if I don't understand why they are needed. If possible, I also review the filesystem changes it will make. And I do not install anything from non-standard repos.

    You seem to be implying that the fact that failure to observe basic security measures is common somehow mitigates the end-user's responsibility and creates a responsibility on the part of either the repository host or saurik to protect them. That's ridiculous.
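
The dependency and filesystem review described in posts #5 and #8, sketched as an added example that is not part of the original thread or any poster's code. It parses a Debian control stanza (the metadata format APT packages carry) and a list of installed paths; the allowlist, the sensitive path prefixes and the sample package are assumptions constructed for illustration.

```python
import re

# Assumption: dependencies a simple tweak or app would plausibly need; tune per review.
EXPECTED_DEPS = {"firmware", "mobilesubstrate", "preferenceloader"}
# Assumption: prefixes that mean the package starts at boot or touches system config.
SENSITIVE_PREFIXES = ("/Library/LaunchDaemons/", "/System/Library/LaunchDaemons/",
                      "/etc/", "/usr/sbin/")

def parse_control(text):
    """Parse one control stanza into {field: value}, joining continuation lines."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:
            fields[key] += " " + line.strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            key = key.strip().lower()
            fields[key] = value.strip()
    return fields

def dependency_names(fields):
    """Return every package named in Depends/Pre-Depends, including '|' alternatives."""
    names = set()
    for field in ("depends", "pre-depends"):
        for clause in fields.get(field, "").split(","):
            for alt in clause.split("|"):
                # Strip version constraints "(>= 1.0)" and arch qualifiers "[arm]".
                name = re.sub(r"[(\[].*", "", alt).strip()
                if name:
                    names.add(name)
    return names

def review(control_text, file_list):
    """Flag dependencies outside the allowlist and files in sensitive locations."""
    fields = parse_control(control_text)
    unexpected = sorted(dependency_names(fields) - EXPECTED_DEPS)
    sensitive = sorted(p for p in file_list if p.startswith(SENSITIVE_PREFIXES))
    return {"package": fields.get("package"),
            "unexpected_deps": unexpected, "sensitive_paths": sensitive}

# Constructed sample: a "flashlight" package that pulls in a mail server and a logger.
SAMPLE_CONTROL = """Package: com.example.flashlight
Version: 1.0
Depends: firmware (>= 3.0), mobilesubstrate,
 example-smtpd | example-mta, example-logger
"""
SAMPLE_FILES = ["/Applications/Flashlight.app/Flashlight",
                "/Library/LaunchDaemons/com.example.flashlight.plist"]

if __name__ == "__main__":
    print(review(SAMPLE_CONTROL, SAMPLE_FILES))
```

The control text and file list for a real package can be read before installing with `dpkg-deb -f package.deb` and `dpkg-deb -c package.deb`; the path list here is assumed to be already normalised to absolute paths.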
     
