Apple's Impressive Platform Security for iPhone, Leopard Development

Steve Jobs has released another letter to customers (no separate link is available yet -- it's on Apple's (AAPL) hotnews site), and this one's a doozy. Apple is now promising an SDK for the iPhone and iPod touch for February launch, but has warned developers that it will have features to protect the iPhone platform from viruses and malware.

When I was looking through the 300+ Leopard features Tuesday night, two of them leapt off the page at me:

Tagging Downloaded Applications

Protect yourself from potential threats. Any application downloaded to your Mac is tagged. Before it runs for the first time, the system asks for your consent — telling you when it was downloaded, what application was used to download it, and, if applicable, what URL it came from.

Signed Applications

Feel safe with your applications. A digital signature on an application verifies its identity and ensures its integrity. All applications shipped with Leopard are signed by Apple, and third-party software developers can also sign their applications.

Those features jumped out at me because the very first Forrester report I wrote in 1996 was about desktop security and the threat of active content. In that report, I wrote that if you want a truly secure platform, you need both app signing and run-time validation to guarantee that you only run trusted code. I further noted that Windows would never become a truly secure platform without these features. The fact that these features they are built into Leopard says that even as Macs gain in popularity, Apple has no intent of letting its OS or its iPhone become an easy security target. And these two features are worth the entire cost of upgrade and more to anyone worried about desktop and server security.

Of course, this is going to make life complicated for Leopard users for a while. Why? Because there are thousands of Mac OS X applications that users will want to run, but that aren't signed today. Some will never be signed. That means that users will have to designate each of them as trusted the first time they run them. But given that Leopard actually remembers the trust state of each application, users will only have to do that once for each application. And given that most users only run an average of between 10 and 100 applications, it's a small one-time price for a more secure system. And it's better to start now than waiting until there are 100 or 200 million Leopard computers in the field.

It's nice to see Apple not only talk about platform security, but to actually do something about it. And the fact that the millions of iPhones in the world will be both 1) open and 2) secure because they use the same secure foundation says volumes about their bright future.

Nice work, Apple.

Full disclosure: The author owns Apple stock.

P.S. This announcement confirms my speculation earlier this month that the iPhone is a Leopard device and requires Leopard development tools.

P.P.S. Please note that Apple's February launch date for the SDK means that top developers will have had the full six months of cleansing karmic meditation Steve Jobs mentioned would be required.

Comments

[John2007]

Thanks, Carl. Much appreciated.