by pyre 5912 days ago
The AppStore approval process does not guarantee that something is not malware. At best it's just a superficial filter. It's like creating a mail filter that puts any email that contains the word 'viagra' into your spam folder and calling it a 'spam filter.'

Unlike the non-functioning spam-filters you speak of, the AppStore approval process actually has a flawless record of keeping it out.

Now, I'm not saying that's squarely because of the diligence of the reviewers. Most likely, it's just as much or more because there's a paper trail from every app to its publisher, along with the fact that someone is at least going to make a cursory review of the app before giving it the 'OK'.

One of these, or all three in combination, is keeping malware out of the AppStore. Whichever, the end result is that the AppStore review process is stopping malware extremely well.

> Unlike the non-functioning spam-filters you speak of, the AppStore approval process actually has a flawless record of keeping it out.

Those non-functioning spam-filters also kept spam out when all you had to filter on were the words 'real estate,' 'viagra,' and 'cialis.' Lo and behold though, the world does not stagnate and those same filters are woefully inadequate today.

> Most likely, it's just as much or more because there's a paper trail from every app to its publisher

There are marketplaces out there where a person's entire identity (not just their credit card number) is bargained and traded. How closely does Apple monitor the information that is given to them? Does Apple continually pull credit reports on people to make sure that their information does not turn up stolen?

> along with the fact that someone is at least going to make a cursory review of the app before giving it the 'OK'.

That cursory review means nothing. There are many apps which are nothing more than wrappers around websites. How long does it take to build an app that is such, but waits for a trigger (at some point after the app is approved and has an installed base) to enable its malicious features?

None of this even addresses possible zero-day exploits in apps that access external content (email worms, browser exploits, etc). If jail-breakers can run unsigned code on the iPhone, so can someone that exploits an app.

Fact remains: no malware on AppStore.

Absence of malware does not prove that the AppStore model is superior. It just proves that there is currently no known malware. It is much easier to disprove something (i.e. find malware on the AppStore; therefore the model is flawed) than it is to prove something (i.e. there is no malware on the AppStore; therefore the model is perfect).

It also certainly doesn't prove that AppStore's malware filtering is broken. It suggests that it does work, very well.

Flawless record? What about all the ad-supported apps where the new ads suddenly started calling premium phone numbers if you accidentally tapped the ad.

Unfortunately, that exception kind of proves the rule. Apple left in a loophole - they kind of had to allow apps to link to arbitrary external content without registered authors - and, lo, through the loophole comes malware.

This, alas, is why I'll probably have to keep buying computers instead of just the iPad if I want to run emacs or other user-scriptable apps. To the extent that it is possible, Apple wants every line of code on the phone to be traceable to an author and revokable in case of trouble.

The exception is the web, of course. Apple's browser supports everything; if you want arbitrary power, write one of those web apps we've heard so much about for the last decade! We who aspire to use emacs on iPad now need an HTML5/JS version. It's like being boiled in our own Kool-Aid: people have been claiming for years that web apps can eventually replace all other apps, and now the rubber meets the road.

Isn't this the same old DRM/Terrorism loop where every breach of the pointless and/or ineffective restrictions is used as justification for the next round of pointless and/or ineffectual restrictions? And along the way you, the honest consumer/citizen, lose the ability to modify your device, to reverse engineer, to crack protection for any reason, and various other 21st century civil rights as collateral damage.

That makes about as much sense as athletes who believe their winning streak is caused by their "lucky socks" or some such. By that logic, the lack of review process in the Android market has also had a flawless record of keeping out malware.