2

Monday of this week: researchers announced the WPA2 KRACK exploit that effectively voids the protection of WPA2. Supposedly Microsoft already fixed it, Apple's working on patching it for Mac OS and iOS. Android and Linux get the worst of it - facing the most dangerous forms of the exploit and with minimal resources for updates.

With that in mind, how safe is downloading new apps from the App Store over Wi-Fi? Should I download apps to my computer and sync them over via USB connector while waiting for a patch?

Anders
  • 64,406
  • 24
  • 178
  • 215
user1258361
  • 420
  • 2
  • 12

1 Answers1

6

You should be fine to download new apps from the App Store.

Let me start by saying that there are no known instances of KRACK being used in any exploit outside of research environments so far. Even if it is and your connection has been compromised, you should be safe using the App Store.

Logging into and accessing the App Store has been using HTTPS since 2013 (see here for more). This means that any of the communication to the App Store should be secure.

As for the apps themselves, Apple makes the process fairly secure. Each developer of iOS apps is required to apply for a certificate to sign any application they create. iOS devices use this certificate to verify the signature that the application is authentic and unchanged before installing the application (I recall sometime before 2010 when they enabled this it created a bit of a stir as it deleted any "invalid" apps). An attacker would have to have a valid certificate from Apple as a developer and modify the application's signature to their own to modify the application.

Of course, no security it bullet proof, so if you want to err on the side of caution and use the USB transfer method you describe, there would be no harm in that either.

YLearn
  • 3,967
  • 1
  • 17
  • 34