
Apple exaggerates safety
Insecurity expert Nicolas Seriot told the Black Hat
Conference in Washington that Apple's iPhone security was not as good as Jobs'
Mob has been claiming.
The iPhone uses a sandboxing technology to restrict
applications' access to operating system resources with a list of deny/allow rules at
the kernel level. However, Seriot said these and other permissions are "way
too loose," and "Apple should not claim that an application cannot
access data from another application."
Seriot said that iPhone apps that made it into Apple's App Store before
being de-listed for privacy violations, including one called Aurora
Feint and another called mogoRoad, showed that Apple reviewers can be
fooled.
With more than 34 million devices in the market, the
iPhone is an appealing target for hackers. Seriot has found in his own investigation that sensitive
personal data can be picked up just by building an application using the known
iPhone APIs.
Apple should build something akin to an application
firewall for the iPhone so that the user is informed when certain actions
start to occur, such as an app trying to edit the address book, and can
prevent them from happening.