Even a US government warning doesn't make Masque a big deal -- but don't be complacent... In the latest in a series of Apple security warnings, the US government warned iOS users not to install apps from anywhere but the App Store, unless they can vouch for the source. Choose your masques Strangely many reports into the so-called “Masque Attack” (as spotted by FireEye) seem to think that iOS device users purchasing apps from sources other than the App Store is Apple’s problem, rather than being a problem users bring upon themselves. Certainly, if you happen to be a developer beta tester or work within an enterprise shop that distributes internal company apps you may be able to install software from sources other than the official channel, but otherwise you can’t — unless you jailbreak your phones. The unlikelihood of the problem being a problem shouldn’t stand in the way of an anti-Apple salvo, of course, and even the US government got in on the act when it issued its Masque warning. (Perhaps Tim Cook has upset government security staff with his stance on privacy?) Masters of the universe This is what Apple says about Masque (as provided to iMore): “We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. “We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.” Or in other words, “don’t install an app unless you know where it comes from.” The best way those accustomed to downloading apps from third party sources can protect themselves is to remember never to download an app using a link sent in an email. Brainbox pollution You really have to want to install these apps. In order to be compromised by Masque you must download and install a subverted app from a source other than the App Store and then tap “Trust” when prompted to do so by your iOS device. Given that most iPhone users don’t do that then this threat is tiny and really only impacts those who get their apps from proprietary enterprise or jailbreaking app stores. This means most iOS device users needn’t worry too much about the problem — if however you are accustomed to grabbing apps from an enterprise or developer seed download link then try to follow this advice: Always download apps from an authorized source; If you distribute apps make it easy for users to verify their apps are genuine. Spirit of the age Enterprise security pros will want to take steps to educate their users about the vulnerability, given the complex multi-vector attacks used by some hackers to undermine protection. You see, combining data stolen from multiple users using multiple methods can give sophisticated hackers enough information to break into core systems, which means security pros must keep their workers actively aware of common sense steps to protect themselves. In this case, that step is only as simple as to avoid clicking a download link in an email. Which doesn’t seem worthy of a government health warning, unless you happen to read your Assange. The plain truth is that the Masque threat has been overrated, but that’s no excuse for complacency on any platform. Certainly as Apple becomes the go-to tech for enterprise mobility, it will become a more attractive target for such attempts. Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic’s Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple? Got a story? Drop me a line via Twitter or in comments below and let me know. I’d like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld. Related content how-to How to fix iCloud sync in seconds Here's what to do when your contacts or calendar events don't sync between devices. By Jonny Evans Apr 23, 2024 7 mins iCloud Apple Cloud Storage news analysis Chasing business and partnerships, Apple goes APAC Apple CEO Tim Cook’s week-long visit to Indonesia, Vietnam, and Singapore highlights how the company continues to explore new opportunities in global markets. By Jonny Evans Apr 19, 2024 4 mins Manufacturing Industry Apple Vendors and Providers analysis Apple wants to improve the carbon offset market Apple's just-published annual environmental report detailing its progress towards carbon neutrality shows the company is working hard to be transparent about its efforts. By Jonny Evans Apr 18, 2024 6 mins Technology Industry Apple Green IT news analysis Apple sidles into sideloading in the EU EU users get ready for multiple app stores By Jonny Evans Apr 17, 2024 6 mins Apple App Store Apple iOS Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe