iPhone users at serious risk of malicious software attacks claims Swiss programmer

And Seriot claims that Apple's process for checking whether an iPhone app contains malicious code before it is approved for distribution on the App Store is flawed. Even if you have not installed unapproved software, you could still be in danger, he claimed.

Seriot, a software engineer and teaching assistant at the Swiss University of Applied Sciences, has submitted a white paper to The Black Hat hackers' conference on 'how a malicious  application could be crafted to fool Apple's mandatory reviews in order to be accepted on the App Store. '

'With some 10,000 [Apps] submitted each week, invariably, some malware are going to sneak through. Consequently, it must be assumed that spyware are currently on the App Store,' Seriot warns. 

Of course all smartphone owners, are at risk of downloading similar malicious software, especially as stores like  Android Application Store do not subject developers to the same approval process as Apple's App Store.

Seriot points out that the iPhone's Address Book 'is readable without the user's knowledge or consent.' This makes it relatively easy for malware to covertly steal personal data and even trick an iPhone owner into sending confidential emails to an address owned by a criminal gang.

Seriot created a proof-of-concept App, called SpyPhone, which makes use only of documented APIs that can steal personal data including the phone number, Address Book contents and several other pieces of data readable on the file system.

Some scary scenarios

Seriot outlined a number of ways in which iPhone malware could make iPhone owners victims of crime. In one he considers a hypothetical application for 'Rolls Royce owners or art collectors' which could 'report the name, the area and the geotagged photos of wealthy people.'

'This is enough informations to rob them, especially if it can be determined that the targeted individuals are currently away from home,' Seriot's white paper warns.