Editor’s Note: This story is excerpted from Computerworld. For more Mac coverage, visit Computerworld’s Macintosh Knowledge Center.
Yes, iPadurday has come and gone. Many of us have Wi-Fi iPads in our grubby little mitts. Early reviews have been mostly stellar. The device—and more importantly, the software running it—is superb, but certainly not perfect. And now we’ve seen Steve Jobs outline the next release of the operating system, iPhone OS 4.0. That’s all well and good, but largely secondary to my point.
I’ve discussed the app store model here a couple of times, and the security ramifications it carries. Well, let’s consider the iPad in that light, now that it has been released.
When I got my iPad, I immediately installed several software packages on it. Most of them were for entertainment (e.g., Netflix, ABC Reader), but I also installed a couple of apps that could at least ostensibly be used for business (e.g., Pages, Keynote). Each installation was simple: I ran the App Store application, found the tools I wanted, and clicked the purchase icon. Within moments, each package installed.
The installation process gave me absolutely no choice as far as where the software would reside on my iPad. In fact, I had no choices whatsoever beyond yes/no to purchase the apps.
Once the apps were installed, I was able to get some of my Keynote presentations and Pages documents over to my iPad via an iTunes synchronization to my MacBook Pro. (The need to do it that way is a separate topic, discussed below.) But here too, I had absolutely no way of controlling or choosing where the documents were placed on the iPad. Once I synchronized the device, the documents appeared for their respective applications.
For many of my fellow techies, the words “lack of choice” are the kiss of death for a device like this. But for the average consumer, “lack of choice” can be interpreted as “simple,” by and large. And to get to the masses, simple never hurts.
So, what are the security ramifications here? Well, for one thing, there is no direct access to the file system without installing an app that gives you (limited) access to the iPad’s file system. Yes, there are ways to “jailbreak” your iPad and get to the underlying file system, but short of some malware doing that “for” them, that’s not something you’d find any consumers doing.
Now, I’m not naive enough to believe that the sandboxing and compartmentalization won’t get broken by malware and such. It’ll happen, just as sure as the sun rises. Someone will find a vector to inject some malicious data into the device and get that data to execute, causing untold damage to the security architecture of the device.
But the application vetting process should, at least in theory, police some appropriate coding policies. Again, for consumers, that’s a good thing. All the software that is available to the consumer via Apple’s App Store has been vetted and signed. At a minimum, it must comply with Apple’s coding policies.
One highly controversial example of that policy in action is Apple’s exclusion of all Flash content. I’m not going to dive into that political firefight, but Flash does relieve the platform of at least some degree of control over what can and cannot run on the system. I have to believe that that was at least a motivating factor in excluding Flash from the iPad. There’s certainly no shortage of malware in the wild that has used malicious Flash content as its launch vector. I am one iPad consumer who is relieved and grateful to have it excluded from my device.
The result of all this is a platform that is simple, intuitive and highly usable for common home computing tasks. Consumer-friendly activities like viewing photos, listening to music and watching movies have never been simpler or better. I just loaded hundreds of photos of my new basset hound puppy onto my iPad, and I can’t imagine a more perfect platform to show her off to my friends and family than my iPad.
And, even though I am not an average consumer of high-tech devices, I have absolutely no need to understand the underlying organization and architecture of the iPad. The apps I’ve installed just plain work. How can that not be a boon to the consumers of the world?
Not all is perfect in paradise, of course. To be truly useful, the iPad really needs a computer—Mac or Windows PC—to sync with. Some of the apps aren’t powerful enough for heavier needs. But it’s all a great step in the right direction. I’m convinced the model that Apple has laid out with the iPad is the future of home computing. I can’t wait to see how it evolves over the next couple of years now that the software developers have it in their hands.
Time will tell if I’m right about the security aspects, but I’m betting the problems with malware, viruses and the like that we see on other platforms will be virtually obliterated with the iPad model. What consumer won’t find that a breath of fresh air?
[With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University’s CERT/CC, the U.S. Department of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.]