Researchers Show How Apple's App Approval Process Can Be Beaten by Malicious Apps
Researchers from Georgia Tech submitted to the App Store and received approval for a malicious app, according to Technology Review. The researchers submitted an innocuous app that included inactive malware-type code hidden from Apple's app approval system.
When downloaded onto a test device after the app was approved, the app 'phoned home' and gained a variety of abilities that compromised the host phone.
This malware, which the researchers dubbed Jekyll, could stealthily post tweets, send e-mails and texts, steal personal information and device ID numbers, take photos, and attack other apps. It even provided a way to magnify its effects, because it could direct Safari, Apple’s default browser, to a website with more malware.
The researchers, including Long Lu, a Stony Brook University researcher who was part of the team at Georgia Tech, only put the app on the App Store very briefly and it was not downloaded by anyone other than research team members.
The team said that using monitoring code built into the app, they determined that Apple's app approval team only ran the app for a few seconds and that malicious code was not discovered by Apple's team. "The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen," said Lu.
Apple spokesman Tom Neumayr told Technology Review that the company made some changes to the iOS operating system in response to the paper, though he did not specify what the changes were.
Popular Stories
The iPhone is Apple's top-selling product, and it gets an update every year. In 2024, we're expecting the iPhone 16 and iPhone 16 Pro lineup, with an arguably more interesting feature set than we got with the iPhone 15 and iPhone 15 Pro. Subscribe to the MacRumors YouTube channel for more videos. Capture Button All four iPhone 16 models are set to get a whole new button, which will be...
Apple is widely expected to release new iPad Air and OLED iPad Pro models in the next few weeks. According to new rumors coming out of Asia, the company will announce its new iPads on Tuesday, March 26. Chinese leaker Instant Digital on Weibo this morning 日发布%23">claimed that the date will see some sort of announcement from Apple related to new iPads, but stopped short of calling it an...
Apple suppliers will begin production of two new fourth-generation AirPods models in May, according to Bloomberg's Mark Gurman. Based on this production timeframe, he expects the headphones to be released in September or October. Gurman expects both fourth-generation AirPods models to feature a new design with better fit, improved sound quality, and an updated charging case with a USB-C...
Resale value trends suggest the iPhone SE 4 may not hold its value as well as Apple's flagship models, according to SellCell. According to the report, Apple's iPhone SE models have historically depreciated much more rapidly than the company's more premium offerings. The third-generation iPhone SE, which launched in March 2022, experienced a significant drop in resale value, losing 42.6%...
MacRumors was first to report that Apple was planning to rebrand "Apple ID" to "Apple Account" across its software platforms and websites like iCloud.com as early as this year, and now Bloomberg's Mark Gurman has corroborated this change. A mockup of the new Apple Account branding In his Power On newsletter today, Gurman said the new "Apple Account" branding will start to be used later this...
iOS 17.4.1 and iPadOS 17.4.1 should be released within the next few days, with a build number of 21E235, according to a source with a proven track record. MacRumors previously reported that Apple was internally testing iOS 17.4.1. As a minor update for the iPhone, it will likely address software bugs and/or security vulnerabilities. It is unclear if the update will include any other changes. ...
Top Rated Comments
The only way this will ever change is if the compilation of the apps is done on Apple servers.
Too bad this malicious malware wasn't discovered.
Well, the fact that you can deactivate malicious code in your app until your app passed Apples review is well known to basically everyone who writes software.
Does anybody remember HiddenApps (https://www.macrumors.com/2013/03/11/hiddenapps-hides-stock-apps-iads-and-more-on-non-jailbroken-ios-devices/), the app that could be used to hide app icons on your device?
That app fetched a file from a webserver, if the file said "hide malicious code" the app showed some useless tricks on how to save battery. Once the app passed review the file said "do evil stuff" and the app executed the parts that would have lead to an rejection immediately.
There is no way to catch all evil code in an App. Not even access to the source code will make you a hundred percent safe. Because you have to read and understand it all to make a judgement. Ain't nobody got time for that.