Sparse iPhone, iPad Screen Space Aids Phishers | threatpost.
Pinched screen real estate on iPhone devices may make it easier for users to be fooled into using bogus “phishing” Web sites, according to an analysis by researcher Nitesh Dhanjani.
In a post on the SANS Application Security Street Fighter Blog on Monday, Dhanjani called attention to the common practice of hiding the Web address once Web pages and applications have loaded. That practice, coupled with the ability of application programers to renderĀ screen elements that can mimic real address bars, could throw open the door to the kinds of phishing attacks that modern browsers have long since rendered ineffective.
Dhanjani recommends URLs be displayed within the applications and more importantly that Apple (1) makes this a policy and (2) sets default behaviors to encourage this policy.
You can read Dhanjani’s post in its entirety at Insecure Handling of URL Schemes in Apple’s iOS.