Just how SAFE is "Installer.app"?!?!

Discussion in 'iPhone' started by Vegeta-san, Aug 24, 2007.

  1. Vegeta-san macrumors 6502

    Joined:
    Aug 4, 2006
    #1
    Ok, hear me out here. My Mac's been under Applecare's repair for a couple of days, so I haven't had the chance to hack my iPhone yet, but I HAVE been keep ing up on the news. Recently, I've been hearing alot about this "Installer.app" and how it is such an awesome program for iPhone that lets you add application wirelessly and blablabla.

    But just the other day, I read in this story in Gizmodo (http://gizmodo.com/gadgets/piece-of...-easily-no-hacking-skills-required-291184.php ) a comment from a user "DYLANQ" who said
    "Why is Installer.app getting so much attention? Installer.app represents everything that is NOT open source.

    The applications lead developer has done EVERYTHING he can to keep the open source installation apps from gaining popularity.

    In addition to all that, running closed source apps on the iPhone is STUPID. If you people had any idea how dangerous that is, or how unsecure the iPhone's system is (EVERYTHING RUNS AS ROOT), you would NEVER trust a closed source app.

    Please check out the alternatives to Installer.app, there are some great open source apps that work much better."

    Is this true? I mean, just how safe is this program if it isn't open-source yet has all my iPhones information at its fingertips? Is this software we should really be supporting and pushing knowledge of or is DylanQ just paranoid? Please, advise so that we all know. Thanks.
     
  2. mobilehavoc macrumors 6502

    mobilehavoc

    Joined:
    Jun 30, 2007
    #2
    He brings up valid points and one of the reasons why I have yet to mod my iPhone and probably never will.

    Reality is most apps are created by good-natured folks trying to enhance the experience but there are always folks trying to have some nasty fun - sometimes inadvertently.

    I believe the comment about running as root is valid....even OSX doesn't by default allow apps to run as root as a security measure and the much parodied Vista UAC has the same purpose...why? Running apps (especially those you can't see the code of) with root permissions - access to everything - is extremely dangerous.

    One hypothetical example I can think of is an app in the background uploading your personal data (contacts, calendar, notes, etc) via the built in WiFi and EDGE to a server somewhere...all unbeknown to you.

    I'm usually not very paranoid but sometimes I think people are just asking for trouble.:D
     
  3. rdrr macrumors 6502a

    rdrr

    Joined:
    Nov 20, 2003
    Location:
    NH
    #3
    Applications shouldn't run as root, and if they are coded properly don't need to. In the case of applications that need to open up a tcp port below 1024 you can give them a sudo privileges, su do which give a user access like root but logged, and there are ways to work around that to make it more secure. Very rarely does a program need root, and if a developer says he "needs" root, he doesn't know how to do his job efficiently or is up to no good.
     
  4. Vegeta-san thread starter macrumors 6502

    Joined:
    Aug 4, 2006
    #4
    Good to know I'm not being overly paranoid....You mentioned each and every third party application you install on your iPhone has root access...Is this true? For some reason, I was under the impression that it was only "Installer.app" that posed that problem. Anyone know of an alternative to "Installer.app" that has open source code so we don't risk every bit of personal info on our phones just to run an app or two?
     
  5. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #5
    No, the root access is a red herring. A program with root access has access to _everything_ on a computer (or on an iPhone). A program with user access has only access to the data of that user. However, with most computers used by one person only, and with an iPhone, the user data is all that counts. So whether a rogue program has root access or only user access doesn't matter much.

    It's different for servers; if a server has 100 users and one of them does something stupid, then that user can lose all his data but the other 99 are safe. With an iPhone, it doesn't matter.
     

Share This Page