> [...] computers aren't intrinsically linked to their credit cards. Phones are, and it would be completely trivial (and very tempting) to make a dialer.exe type program that surreptitiously makes $9.95/min calls to Nigeria. List it as some kind of a raunchy sex line and try pleading innocence to your telco about that one.
What makes Apple's approach that much more secure? They don't inspect the source code of an App. There could be hidden 'call home' features that are waiting for a switch to be flipped to execute the malicious code that's wrapped up in a pink and fuzzy package. Sure Apple can hit a 'kill switch' on an App, but they need to know that the App is a threat before they do so. What happens when an App does your 'dialer.exe' example and calls Nigeria? Does this immediately alert Apple to 'suspicious goings-on' and they make a dramatic leap to hit the big red button?
What makes Apple's approach that much more secure? They don't inspect the source code of an App. There could be hidden 'call home' features that are waiting for a switch to be flipped to execute the malicious code that's wrapped up in a pink and fuzzy package. Sure Apple can hit a 'kill switch' on an App, but they need to know that the App is a threat before they do so. What happens when an App does your 'dialer.exe' example and calls Nigeria? Does this immediately alert Apple to 'suspicious goings-on' and they make a dramatic leap to hit the big red button?