I received an iPod Touch for Christmas, and before I loaded it up with any MP3s or set a single Safari bookmark, I “jailbroke” the device, thereby opening it to all sorts of handy community-supplied applications, including, as Ryan Naraine is reporting today, potentially malicious code:
Security Watch – Apple – Malicious iPhone (Prank) Trojan is Eye-Opener
According to warnings from two anti-virus vendors, a malicious iPhone software package circulating on the Web could cause legitimate third-party applications to be nuked if the Trojan is uninstalled from iPhones.
Even though the Trojan that Ryan wrote about wasn’t all that malicious–an application that messes with its neighbors upon uninstall sounds more like shoddy packaging than naughty pranksterism–the fact is that a jailbroken iPhone or iPod Touch is a malware outbreak waiting to happen.
The screenshot to the right says it all: When you’re running anything on an iPhone, you’re doing it as the superuser. I imagine that when Apple decides officially to open their superfly devices to third-party applications, they’ll rectify the run-as-root situation, since full-sized OS X handles this pretty well.
In addition, I’d like to see the software development community members whose apps populate the Linux-like Installer.app repositories on my iPod Touch implement a code signing framework such as the ones that Ubuntu, Red Hat and others provide. You may not be able to tell for sure if the app you’re installing will do what it’s supposed to do, but at least you can feel confident about where it came from.
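The provenance check described above, sketched as an added example (not code from Installer.app or from any distribution): a simplified version of apt's signed repository metadata, in which the repository signs an index of package digests and the installer checks it against a pinned key. Ed25519, the `notes.app` package and all function names are assumptions chosen for illustration, and the sample data is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// BuildIndex is the repository maintainer's side: one "name sha256" line
// per package, then a single signature over the whole index.
func BuildIndex(priv ed25519.PrivateKey, pkgs map[string][]byte) (string, []byte) {
	var b strings.Builder
	for name, data := range pkgs {
		fmt.Fprintf(&b, "%s %x\n", name, sha256.Sum256(data))
	}
	return b.String(), ed25519.Sign(priv, []byte(b.String()))
}

// VerifyPackage is the installer's side, run before anything is unpacked.
// pinned is the repository key shipped with the installer, never one
// downloaded alongside the index it is meant to check.
func VerifyPackage(pinned ed25519.PublicKey, index string, sig []byte, name string, data []byte) error {
	if !ed25519.Verify(pinned, []byte(index), sig) {
		return errors.New("index signature does not match pinned repository key")
	}
	want := fmt.Sprintf("%s %x", name, sha256.Sum256(data))
	for _, line := range strings.Split(index, "\n") {
		if line == want {
			return nil
		}
	}
	return errors.New("package digest not listed in signed index")
}

// Demo runs three constructed cases: genuine, altered package, unpinned signer.
func Demo() (genuine, tampered, unpinned error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, other, _ := ed25519.GenerateKey(nil)
	pkg := []byte("constructed package bytes")
	pkgs := map[string][]byte{"notes.app": pkg}
	index, sig := BuildIndex(priv, pkgs)
	oIndex, oSig := BuildIndex(other, pkgs)
	return VerifyPackage(pub, index, sig, "notes.app", pkg),
		VerifyPackage(pub, index, sig, "notes.app", []byte("altered in transit")),
		VerifyPackage(pub, oIndex, oSig, "notes.app", pkg)
}

func main() { fmt.Println(Demo()) }
```

A package that passes this check can still misbehave; the signature only ties it to whoever holds the repository key.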
eWEEK Labs’ mobile and wireless expert, Andrew Garcia, was too sensible to leave his iPhone jailbroken, but I plan to keep my iPod Touch hacked. Without third party apps, the Touch is a slick MP3 player with a Web browser, but with the app doors open, it’s the best handheld computer I’ve ever used.