



How app stores make you safer — to a point

Jan 22, 2013 | 7 mins
Data and Information Security, Malware, Mobile Apps

The growth of app stores has neutralized many old-school malware threats, but it's introduced several risks too

Vendor app stores are quickly becoming nearly the only way people download and install programs to their devices. Android and iOS app stores surpassed 1.2 billion in downloads during the most recent Christmas season alone.

In general, app stores are a boon for computer security. Many devices are hard coded to accept downloads only from their corresponding app store — Apple pioneered that model, not just with the App Store, but even earlier with iTunes. Plus, newer device platforms nullify decades of previous malware: What worked with traditional computers won’t work with newer devices. Malware programmers not only have to learn the new APIs for the newer platforms to even begin the exploitation, they must learn the platform well enough to create a successful payload.


Not that learning the new way is hard — heck, legitimate programmers are doing it quite well and creating hundreds of thousands of new apps. But the newness invalidates the old malware, and the learning curve naturally slows down existing hackers as they migrate. It’s win-win for computer security.

Second, the new platforms use more secure programming languages, which have better safety features than their legacy counterparts. They have boundary checking, improved defaults, type checking, memory protections, and managed environments, leading to better-protected applications (all else being equal).

Third, the major app stores require that vendors submit their applications to a verification process to identify and eliminate common programming errors that could lead to compromises. Sure, app store programs can be and have been exploited, but the submission and inspection process can only help to make more secure applications. There are many reasons to criticize vendors’ inspection requirements, including the decrease of programming freedom, higher cost and effort, and censorship, but securitywise, it’s a win.

After vendor approval, app stores often require a digital signature to ensure the program’s integrity back to the identified vendor. For starters, the consumer can be more confident the application hasn’t been maliciously changed, and the programmer is who they say they are. Also, if the programmer violates the terms, the vendor can easily revoke the application and even refuse all apps from the same developer in the future if necessary.

Fourth, app store applications tend to have quicker, more stable installations that follow a fairly common process. Further, the common install usually means there’s a shared and seamless updating process. Security admins around the world should be applauding. Your end-user’s application will automatically update with a minimum of hassle. This often extends to the operating system itself. Love it!

Fifth, those same applications are limited in what they can do, as they’re sandboxed from the OS and from each other. It’s harder, although not impossible (think Java), for malware to break outside the security sandbox. Today’s devices and new OSes are fortunate to have learned from the lessons of Java and other legacy sandboxes.

Lastly, the newer platforms simply have fewer areas for malicious programs to infect. Traditional operating systems have more than 100 spots malware can exploit and hide, perfected by hackers over decades of battle — fire up Microsoft’s Autoruns utility to see what I mean. Fewer places to infect means fewer places to defend. That’s another great benefit to decrease security risk.

It would seem that application stores are the be-all and end-all to computer security. Alas, we live in an imperfect world. To begin with, even these newer, improved, more secure apps have been exploited. It’s human nature — we make mistakes, as do programmers. Even worse, most platforms include approved applications that intentionally perform malicious (or unapproved) actions. The vendor can remove the application from the store, but often the offending software has been downloaded hundreds of thousands to millions of times before it’s exposed as malware.

Many sophisticated users “jailbreak” their device so that they can install applications not approved by the vendor. In fact, jailbreaking enabled many of the most notorious malicious apps — and it will never go away. The bigger question is if vendors can retain control over what applications are published in their app stores or can be downloaded to their devices. Many observers believe that software freedom will trump vendor rights in court one day, and essentially we’ll end up with jailbroken devices by default. That’s good for user and programmer freedom, but not so much for computer security.

In reality, it takes far more than secure apps to keep a computer safe. A perfectly secure app can become an exploit vector through the use of the very features the programmer intended, albeit in an unintended manner. Think of macro viruses, Visual Basic worms, and nearly any programming language ever invented — it’s hard for an app to be secure when the malicious writer works through built-in functionality.

Today, apps are commonly exploited through malformed data. Online evildoers routinely send malformed data files, like PDF and Flash files; when rendered by their intended parent app, they send the application into buffer overflow and take control of the system. Now take the possible exploit surfaces and add in all the new, unexplored aspects of cloud computing and common protocols such as XML and HTML5. Even if the platforms are different, the common protocols will allow malicious replication to continue in the future.

Still, if we were to have perfect devices and perfect software, it wouldn’t change the vast majority of malicious hacking. Today, socially engineered worms, spam, and phishing attacks (none of which rely on software vulnerabilities) rule the attack space. A good fake email or Internet prompt will fool hundreds of thousands of end-users any day of the week.

None of the devices, app stores, or applications will significantly improve our overall security stance, even if they reached their pinnacle. And malicious attacks can’t be put down by a supposedly foolproof endpoint defense. They don’t exist. Hackers will get around every defense until we rebuild the Internet. Until we implement solutions that enforce pervasive identity and authentication across the Internet, we’ll continue our whack-a-mole strategies that will never work.

In the real world, most people don’t behave like criminals because they can be identified and would face significant consequences. Rob a bank a few times and you’re likely to get caught and go to jail for many years, all for a few thousand dollars. But on the Internet, you can steal millions of dollars a week and never get caught. Until we change those dynamics — and it will take pervasive identity and authentication — those facts will not change.

One day a tipping point event will happen, and the world will shudder, react, and implement the solutions we knew we needed decades ago. Until that week, we, unfortunately, have to live with security solutions that won’t work. At least we’ll have sleek portable computers and fun apps to play with along the journey.

This story, “How app stores make you safer — to a point,” was originally published at Keep up on the latest developments in network security and read more of Roger Grimes’ Security Adviser blog at For the latest business technology news, follow on Twitter.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
