Another day, another Google cull: Chocolate Factory axes 49 malicious Chrome extensions from web store

DrXym

Apple's review procedures remind me of the security gates at Disney World or Universal. At first glance the bag search appears to be there to stop people bringing weapons into the park, which it legitimately might do on occasion. But their main purpose is to stop people bringing their own food or drink in and depriving the park of revenue. Same for Apple.

Apple doesn't review the app's source code; it reviews the binary and subjects it to a test. If it passes the test it is accepted. Given that an app could be hundreds of thousands of lines of code, it would be relatively trivial to hide something that passes this test and still does something malicious in the future.

Likewise with extensions. Anything malicious could be obfuscated. It would be better to monitor the behaviour of the extension in the wild, or a simulated wilderness, and see what it does.
