Yet, the Georgia Tech researchers were able to take the technique to a higher level: They managed to break their app into pieces that were both innocuous and necessary to the software's "official" functionality—such as downloading information from the Internet and sending a webpage to a friend via email—but that could be recombined at runtime to perform illicit actions without the user's consent, such as grabbing all the user's contacts and uploading them to a website of the developer's choosing.
As you can imagine, this kind of attack is very difficult to recognize. To take the air travel analogy further, tracking this kind of vulnerability down would be akin to recognizing a MacGyver-like terrorist who can fashion a gun out of some mints, a newspaper, and a piece of string.
That thing you (can) do
Combating this problem involves changing the way apps are allowed to access system resources, essentially creating a sandbox that encompasses not just the file system, but also everything from your contacts to your pictures.
With this setup, it is the operating system, rather than human reviewers, that's responsible for stopping apps from accessing any sensitive data, making it nearly impossible for malicious software to run, even if it gets past the app-vetting process. The only way for developers to gain access to the data is to explicitly request an "entitlement" to do so before they submit the app, thus giving the app review folks useful hints on what kinds of functionality they should specifically be examining to ensure compliance with the rules.
Entitlements, already widely used in OS X, allow developers to request access to individual sources of sensitive data.
Entitlements are already a firmly established technology—they are widely used in OS X, for example, to regulate how signed apps can access everything from the network to the camera, and iOS apps can already take advantage of them if they want to support iCloud or push notifications. In future versions of Apple's mobile operating system, their use will simply extend to encompass just about any kind of sensitive information or functionality that a developer may need.
The real genius of this approach is that it improves security without limiting what apps can do or placing any additional burden on end users; the onus will be entirely on developers, who will be forced to explicitly request entitlements for the resources they need to access, and on Apple's reviewers, who will need to approve or reject those requests.
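The reviewer side of the entitlement model described above, as an added example that is not part of the original article or of Apple's tooling: a Python script that reads an app's entitlements property list, lists the sensitive resources it requests, and flags any request the developer's declared features do not explain. The entitlement key names are Apple's macOS App Sandbox keys; the category mapping, the declared-needs set and the sample plist are constructed for this example.

```python
"""Added example (not from the article): summarise an app's requested
entitlements for a reviewer. Entitlement key names follow Apple's macOS App
Sandbox keys; the category mapping and the sample plist are constructed here."""
import plistlib

# Assumption: these sandbox entitlement keys correspond to the sensitive
# resources the article mentions (network, camera, contacts, location, photos).
SENSITIVE = {
    "com.apple.security.network.client": "network (outbound)",
    "com.apple.security.network.server": "network (inbound)",
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.microphone": "microphone",
    "com.apple.security.personal-information.addressbook": "contacts",
    "com.apple.security.personal-information.location": "location",
    "com.apple.security.personal-information.photos-library": "photos",
}

# Constructed sample: an app that downloads data and shares pages by email,
# but also asks for the contacts entitlement its advertised features never need.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.security.network.client</key><true/>
  <key>com.apple.security.personal-information.addressbook</key><true/>
  <key>com.apple.security.files.user-selected.read-only</key><true/>
</dict></plist>"""


def review_entitlements(plist_bytes, declared_needs):
    """Return (sandboxed, requested, unexplained): whether the sandbox is on,
    the sensitive resources requested, and those not covered by the
    developer's declared feature needs (the reviewer's hint list)."""
    ents = plistlib.loads(plist_bytes)
    sandboxed = ents.get("com.apple.security.app-sandbox") is True
    requested = sorted(
        label for key, label in SENSITIVE.items() if ents.get(key) is True
    )
    unexplained = [r for r in requested if r not in declared_needs]
    return sandboxed, requested, unexplained


if __name__ == "__main__":
    # The developer's stated purpose only justifies the network entitlement.
    on, req, flag = review_entitlements(SAMPLE_PLIST, {"network (outbound)"})
    print("sandbox enabled:", on)
    print("sensitive resources requested:", req)
    print("entitlements to examine in review:", flag)
```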
As far as we—the customers—are concerned, the apps we use every day will continue to ask us whether they can access our contacts, location data, or photo albums, just like before. Behind the scenes, however, a whole new layer of security will help prevent hackers' increasingly sophisticated attacks from wreaking havoc with our personal information.