The San Jose Mercury News has a thought-provoking article about malware on smart phones. Entitled “New worry for mobile phones: malware,” the article seems inspired by the recent release of the totally “open” Google “Android” smart phone, along with the iPhone’s success. The article lumps the iPhone in with other smart phones in regards to potential malware, which isn’t entirely accurate. It also sparks an interesting insight into the ongoing Mac-verus-Windows security debate. Let’s take a look.

The article starts with “Is your phone the next [malware] battleground?” and goes on to cite security experts as thinking that it could be. And they’re right. As the article points out, a smart phone “has a full operating system and can run applications much like a desktop computer.” That’s the root of the problem in this case. Smart phones are really personal computers.

The article next goes on to under-emphasize a key point, which also applies to all computers: “Other security issues — such as simply losing a phone — are arguably of more concern to mobile phone users today.” In other words, physical security first, as we say in the book.

The article then makes a key and accurate point: “For example, owners of the iPhone, one of the first phones to have a full-fledged Web browser, are much more likely to surf the Web on the device than other smart-phone users.” Web surfing does seem to be the most vulnerable point of exposure for iPhone users. Safari has been known to have exploitable (in fact, exploited) vulnerabilities, so iPhone users are vulnerable here. Especially since Safari is really the only way to browse most of the Web on the iPhone (our iEnvision product, for instance, browses just images), we need to count on Apple to keep Safari as bug-free as possible.

Potentially the most interesting point in the article comes near the end: “Other analysts see the threat growing because of the increased ease with which mobile users can download and install applications to their phones. Apple's iTunes App Store paved the way in that regard, but Google promises to place even fewer controls on the applications for its new Android platform.” On “open” systems, like Windows, the Mac OS and Android, downloaded apps are definitely a key threat. An important point the article misses, however, is that Apple has tackled this issue head on in the App Store.

As we emphasized here previously, Apple has done an excellent job by, among other security measures, imposing slight limitations on how we developers develop iPhone apps. By slightly limiting the platform’s openness, Apple has greatly limited its vulnerabilities. This seemed, and seems, like a good tradeoff, and so far there have been no serious pieces of iPhone malware discovered in the App Store (and still lots and lots of apps). It will be interesting to see if such malware appears to a greater extent on Google’s or other smart phone platforms.

Getting back to the subject of this blog, the Mac has historically been a much more secure platform than Windows for two principal reasons: it was designed with the user, and hence security, as its focus, and it has had a much lower market share. The iPhone OS was also designed with the user as its focus, but right now is the dominant OS as far as downloadable apps go. It should thus provide some additional data in the ongoing debate as to which of the two Mac-security factors is the main one. Assuming it continues to dominate, will the iPhone succumb to malware, or will its design, and user focus, prevail? Stay tuned.