Apple's Planet of The Apps - Are They Secure?

Jul 12, 2017 8:55:55 AM / by Himanshu Dwivedi

Apple has launched a new reality TV show called Planet of the Apps. Similar to the popular TV show Shark Tank, each week app publishers will pitch their iOS apps to a celebrity panel of judges including Jessica Alba, Gwyneth Paltrow, Gary Vaynerchuk, and will.i.am. The celebrity judges will decide if the app publishers advance to the next stage, which is a meeting with venture capitalists who may invest in their companies.

While meetings with VCs are a great launching point for the app, in a way, app publishers who have made it onto the show have already succeeded in the mass exposure category. Specifically, the exposure from the TV show, which will be heavily promoted by Apple, could elicit a large number of downloads from the App Store in a single day (from 10K to 100K). Thus, while some publishers may not be funded, the fact their app is being promoted internationally by Apple might be more than enough to succeed.

Being promoted by Apple is an incredible opportunity for the app publishers; however, viewers of the show might assume the app is “safe” or “protects privacy” since Apple is behind the whole thing. Since many of these apps are brand new, security might still be an afterthought for their organizations (which is not ideal but very normal/expected). It would seem that Apple would want to ensure brand integrity by making sure the apps featured adhere to security standards (including Apple’s own) or that VCs looking to invest would be doubly impressed if the featured apps had security as a consideration. Shouldn’t security be addressed prior to publicizing?

To ensure viewers know how well their data is protected by these ‘Apple promoted’ apps, Data Theorem has analyzed (and will continue to analyze) the security of these apps and will publish the core security/privacy results for each app after each episode, focused on these core results:

  • P1 Issues
    • Security issues that allow remote attackers to export data from the app
  • App Store Blockers
    • Security/Privacy issues that are blocked by Apple’s App Store submission process

Scoring Legend & Guidance

  • Wait to Download: The current release of the app has one or more P1 issues or App Store Blockers.
    • Check back here after Data Theorem has contacted the publisher and provided the Secure Code to fix the issue
  • Safe to Download: The current release of the app does not contain a P1 issue nor does it have any App Store blockers
    • Continue to check here if future releases remain the same (new releases can re-introduce issues)

*Please note: Every app has High/Medium/Low Severity issues -- all of them, including apps published by Apple themselves. For the purposes of this analysis, Data Theorem will only report P1 Issues or App Store Blockers, as they are the primary concern for this analysis, and not the other 10 to 25 High/Medium/Low issues that may be embedded in each app.

Episode One Results:

  • Episode 1 (Air date: June 8, 2017)
    • Companion
      • (v.3.3): Safe to Download
        • P1 Issues: 0
        • App Store Blockers: 0
    • Pair
      • (v.3.2): Wait to Download
        • P1 Issues: 0
        • App Store Blockers: 1
    • Twist
      • (v.2.1): Wait to Download
        • P1 Issues: 1
        • App Store Blockers: 1
    • Walc
      • (v.1.1.4): Wait to Download
        • P1 Issues: 0
        • App Store Blockers: 1
    • Skootch
      • (v.2.1): Wait to Download
        • P1 Issues: 0
        • App Store Blockers: 1
    • SILO
      • (v.1.3): Wait to Download
        • P1 Issues: 1
        • App Store Blockers: 1

 

Topics: Mobile App Security, privacy, Apple

Written by Himanshu Dwivedi

CEO of Data Theorem, Inc.