Saturday, August 17, 2013

Apple's App Store Screening Process lets Malware Through


One can't really know what goes on in Apple's App Store app approval process, as it is something of a mysterious affair that developers sure would like to understand. But for the end user, the "walled garden" approach makes them a lot more trusting when it comes to installing apps, "knowing" that they've been approved by Apple, and so... they must be safe to use, right?

Not quite, as has now been demonstrated by researchers who created a malware app that went live on the App Store after passing the verification and approval process, even though it could secretly send tweets, emails and messages, take photos, steal information, redirect you to malware web sites, report home and ask for further instructions.

The "trick" is that they built it in such a way that the code was broken into separate blocks that would only self-assemble once the app was running. According to the reports the app sent home, Apple's verification process only ran the app for a few seconds. As the researchers say, that's clearly not enough, and Apple should implement better app verification processes to prevent this sort of technique.

If not, the App Store might end up being a worse place to install apps, as the "illusion" of safe apps will make users more likely to try out "riskier" apps that they wouldn't try if they were in a public store open to all. This time it was just an example used to demonstrate the issue... next time it may be for real.
