Subscriber Discussion

You Have Just Been Told Your Product Has Malware On The APP, Do You Tell Your Customers And How?

UI
Undisclosed Integrator #1
May 13, 2016

Let's say your manufacturer informs you their APP has malware in it and your customers should delete it, but a new fix is due quickly. Its likely a major feature in the decision process and they aren't going to be happy without it.

Do you notify your customers? If so, how? How does everyone get the message? Do you have a way to track who has the app?

Is deleting an app enough? With some computer viruses the only real sure fix is to format the drives and install a previous backup?

Avatar
Jon Dillabaugh
May 22, 2016
Pro Focus LLC

Wether or not to delete it depends on many factors. On an iPhone, apps can only see their own space and the clipboard. They cannot see other apps or the iOS space. Little harm can be done.

However, if your iPhone has been jailbroken, all bets are off.

U
Undisclosed #2
May 22, 2016
IPVMU Certified

They cannot see other apps or the iOS space. Little harm can be done.

Remember all those pop-ups that you hit enter on when you first installed the rogue app? Ones like "Allow access to Location/Photos/Address Book"?

Avatar
Jon Dillabaugh
May 22, 2016
Pro Focus LLC

That's only on Android. iOS doesn't have that.

UI
Undisclosed Integrator #1
May 22, 2016

I was asked on another DVR app if I would give access to photos, mic and camera for iPhone. Does that count?

Avatar
Jon Dillabaugh
May 22, 2016
Pro Focus LLC

That is different than contacts and other private info.

U
Undisclosed #2
May 22, 2016
IPVMU Certified

Avatar
Jon Dillabaugh
May 22, 2016
Pro Focus LLC

How old of a device is that? If you aren't running the latest iOS then any issues you encounter are your own fault.

(1)
UI
Undisclosed Integrator #1
May 22, 2016

Well, I'm running 9.3.2 iOS on an iPhone 6s+. Is that current enough?

Now back to the question. Did you tell your customers to uninstall?

Avatar
Jon Dillabaugh
May 22, 2016
Pro Focus LLC

I would tell them about the issue and let them decide. If they asked for advice, and they had an updated, secure iPhone, I would say keep the app, but restrict access to photos, camera, mic, etc.

U
Undisclosed #2
May 22, 2016
IPVMU Certified

What?

Are you saying the new versions don't ask you any more or don't allow access to the photos? Which one?

In any event, we are not talking about "me". We are talking about your customer and what you will be informing them if your system requires an app that is found to have malware.

Which I assume would be "any issues you encounter are your own fault".

UI
Undisclosed Integrator #1
May 22, 2016

Jon, that answers one part and presumes the malware didn't work around that.

i think the more important question is who do you notify and how since your product is now a part of the problem?

Avatar
Jon Dillabaugh
May 22, 2016
Pro Focus LLC

There's no working around it. If there was a way around it, there would be much more to worry about than just a single app.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions