cnet: On Wednesday, Swiss Researcher Nicolas Seriot will give a talk at the Black Hat DC security conference where he will explain how rogue iPhone apps could easily access users' personal data. "It turns out that the full Address Book is readable without the user's knowledge or consent," he writes in a paper on the subject.
To demonstrate his point, he created an app called "SpyPhone" that can track a lot of information about iPhone users, including finding the user's location using the built-in GPS and logging keystrokes used to input login credentials. These same capabilities could be hidden in an innocent-looking app like a game and could make it past Apple's screening process.
In fact, Apple has had to remove several applications from the App Store because they contained similar malware. With this in mind, Seriot recommends that "Professional users should avoid running untrusted applications, especially if they are required by law to protect data confidentiality."