According to recent reports, some versions of Apple Xcode used by developers have been compromised and are being used to inject tracking codes in iOS apps without developer knowledge.
Just because you are immune to a virus, does not mean you should forward it on to anyone else and assume they are able to detect and remove it.
I have long believed that Apple OS X users should deploy a security policy. The following are tips for creating one:
1) Be a good Internet citizen
It is considered impolite to pass on a virus and other viral infections to other computers through infected emails and documents. It’s also a waste of CPU cycles and mobile data plans.
Most Windows systems will clean infections, but if you’re using OS X or Linux, these infections can be sent onwards unnoticed. This puts your friends, family, work colleagues, customers and partners at risk!
Windows users have, for many years, protected themselves with software that identifies and removes malicious content from email and documents. It is a perpetuated joke in the Mac OS X community, whose common understanding is that they don’t need such protection, and that viruses are a Windows issue.
But OS X users also need to stop forwarding the risk on to others.
You could argue that Windows solutions are the most mature solutions available today. This isn’t news to companies and individuals using Microsoft Windows, and they have adopted best-practice security policies to protect themselves.
2) Recognize that the world is not running one uniform Operating System
In today’s connected world, people will inevitably view your email and documents not on just one OS, but also on a mobile OS. This means that any malicious content could infect multiple devices, exponentially compounding the problem.
3) Protect your customers
Developers of mobile applications need to protect their customers by ensuring they don’t forward infections to which they themselves may be immune. More seriously, they could unknowingly build the rogue code into applications they are creating for customers.
What can you do about the risk
Audit your contracted developers, demand they provide and show adequate security policies. Ensure they are protecting themselves to an acceptable level. Questions to consider:
1) Do you audit your third partner developers’ security arrangements for protecting themselves and you?
2) Do you have the internal skills to evaluate audits for different developer operating systems? These include:
• Microsoft Windows
• Apple OS X (iOS developers)
• Linux (Android developers)
3) If you have an internal security policy, have you considered extending a subset of this policy to external developers and bespoke software suppliers?
4) Do you execute a security audit of your bespoke mobile applications?
These considerations also extend to developers of cloud and web services.
Don’t pass on malware. Take extra precautions to protect yourself and your associates.
Timothy C B Cox
Director Business Development – Middle East & Africa