Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
First of all, someone would have to install a suspicious certificate to begin with. Then, that person would have to install the associated suspicious app from an email or Safari. This doesn't seem like a big issue.
 
First of all, someone would have to install a suspicious certificate to begin with. Then, that person would have to install the associated suspicious app from an email or Safari. This doesn't seem like a big issue.
Well, as explained in a few posts already, at least in iOS 8, the certificate/profile can be imbedded in the installation and basically be transparent in its installation and even for just being on the device. So, while this is still not a common thing and likely won't be, it's still simpler than that. And while not a big issue as far as how many might be affected, it's still a security issue and kind of a bad one in the sense of what it allows to do (no matter how unlikely it might be).
 
All I can say is, I'm glad I don't have to deal with the public at this level! I deal with enough uptight people in my business, over the most minor issues.:rolleyes: I wonder how they deal with everyday speed bumps!

Sounds like a legit concern, I'm just not sure Apple should be crucified over it? Do you really think this is Apple being malicious?:confused:

The Gov. jumping in, really? With what we have going on in our country, and across the pond?:eek:

What about all the major security breaches of late, Walmart, Home Depot(twice now)and Target come to mind!

I would much rather see them (Gov.) doing something more productive! Are we really worried, this is a conspiracy to steel info from a small group of business?:eek:

I'm not at all saying Apple should ignore this, I'm sure their working on a fix!:cool:
 
Stop apologizing for Apple. This is exactly how these situations come about in the first place: Too many people excusing Apple for problems with their software instead of pressing them to fix the problems.

Comments like this is exactly how these situations become overblown. Too many people accusing Apple for minor issues causing panic situation and non confidence in using iOS.

It's like someone forgot to unlock their door, a thief came in, causing an uproar (most probably spread by the rival apartment owner) the building is not safe, demand the owner to fix the door somehow so a thief will never came in whether it's open or not (unreasonable demands), or else people will move out from it (to the rival apartment building which is even less secured). You get the point.
 
Last edited:
All I can say is, I'm glad I don't have to deal with the public at this level! I deal with enough uptight people in my business, over the most minor issues.:rolleyes: I wonder how they deal with everyday speed bumps!

Sounds like a legit concern, I'm just not sure Apple should be crucified over it? Do you really think this is Apple being malicious?:confused:

The Gov. jumping in, really? With what we have going on in our country, and across the pond?:eek:

What about all the major security breaches of late, Walmart, Home Depot(twice now)and Target come to mind!

I would much rather see them (Gov.) doing something more productive! Are we really worried, this is a conspiracy to steel info from a small group of business?:eek:

I'm not at all saying Apple should ignore this, I'm sure their working on a fix!:cool:
The government has warned about Internet Exlorer and various other exploits and security issues before as well. Nothing new or surprising here. No one is crucifying anyone here (aside from some fringe that can go overboard on anything really), but it's information that is being made public so that people would know and so that a prompt fix would be that much more likely.
 
I've done iOS development and know that this requires a provisioning profile (separate from the app certificate) onto the device in order to install the app. This provisioning profile install requires user input, e.g. tap "Install" when prompted.

Note: I originally asked a question, but then I just watched the dang video and answered it myself. Edited.

Okay, this is the main thing I was worried about. There's nothing you have to do besides clicking the link to get that provisioning profile. From what people were saying, it sounded like you needed to do something else to get it.

Then this is bad. The user prompt doesn't even show the bundle identifier of the provisioning profile. Otherwise, at least some users would see a sketchy-looking identifier from a random company and avoid it.
 
Last edited:
Does this provisioning profile get automatically downloaded with the false app, prompting the user to install it, or does the user have to install it separately (through Xcode or something)?
It can be part of the app install itself and not even show up in any visible way on the device itself.
 
Ummnnn.... Sixty-plus year-old men and women designed and built the Internet you are using. Next you will claiming that you invented sex.

A.

The thing is, those people aren't necessarily good with modern technology (as I know a living example). They're probably knowledgeable enough to know about the threat of malware, but newer technology won't be as natural to them.
 
Hopefully the Government will come up with some guidelines Apples need to follow to avoid such problems in the future.
 
The thing is, those people aren't necessarily good with modern technology

And they aren't necessarily NOT good with modern technology. To assume otherwise is asinine.

A.
(who apologizes for the double negative, but it fit)
 
Ummnnn.... Sixty-plus year-old men and women designed and built the Internet you are using. Next you will claiming that you invented sex.

A.

Honestly i don't know what yo make of this, but to put it in one simple sentence this is like me telling you all women can cook.
 
Who wants to read multiple pages of boring legalese? We should thank lawyers.

Not saying you should read it, just saying you shouldn't blame the company if you chose to not read it and that neglect to read it leads to you getting "screwed"
 
Having the US government comment on the security of an Apple product negates the idea that Apple products are infallible. And apparently that upsets some people.

Nobody here is claiming Apple products are infallible.

Nobody. Not one single person. You simply can't comprehend that other people view this issue differently than you do, and you have to create a false premise to try and justify the fact that you visit an Apple forum and do nothing but bash and complain about Apple.
 
Stop apologizing for Apple. This is exactly how these situations come about in the first place: Too many people excusing Apple for problems with their software instead of pressing them to fix the problems.

I'm not apologizing for Apple! In order to install ANY app signed by an iOS Enterprise Certificate, you must:

  • Download, accept, and install said certificate. (Funny how both article and video don't mention this)
  • Actually download and install signed app.
  • Use installed app.

This isn't a security flaw! This is exactly how the Enterprise program works. This is blown out of proportion and apps / certificates cannot just install themselves.

Thanks for crapping on someone who actually knows how both developer programs work.
 
Why would anyone download an iOS app from a third-party website, especially from a link you receive via SMS? I'm smart enough to know to only install and update apps through iTunes/the App Store.

Freedom from Apple's prison, err, App Store? MovieBox? GameBoy emulators?
 
I'm not apologizing for Apple! In order to install ANY app signed by an iOS Enterprise Certificate, you must:

  • Download, accept, and install said certificate. (Funny how both article and video don't mention this)
  • Actually download and install signed app.
  • Use installed app.

This isn't a security flaw! This is exactly how the Enterprise program works. This is blown out of proportion and apps / certificates cannot just install themselves.

Thanks for crapping on someone who actually knows how both developer programs work.
Seems like a few things are being overlooked.

For the first item on the list, at least in iOS 8, a certificate/profile can simply be transparently installed as part of the actual app installation. That makes it that much simpler and easier and less noticeable even.

As for the security flaw part of it, the issue isn't with just a general installation of apps outside the App Store using certificates/profiles, the issue is that with an installation like that it's possible to have one app overwrite another app making it look like it's that app, that's the security flaw.
 
The are less likely to be familiar with technology they didn't grow up with.

Well, you have educated me. I was trying to make the point that it is ignorant and flawed to make judgements about people's ability based on simple metrics such as age. On reading the responses to my posts, I am beginning to believe that I was indeed wrong...

A.
 
Sadly a large part of the iPhone user base will click ACCEPT to anything that pops up, without even reading it. It's what America has become... we don't read, then we complain we've been scammed.
To be fair, a large part of the Windows/Android user base will click ACCEPT to anything that pops up too.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.