New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Pulls Russian SMS Spam App from App Store [Updated]

Thursday July 5, 2012 10:38 am PDT by Eric Slivka
Earlier today, Russian security firm Kaspersky Lab reported that it had been alerted to an app available in both Apple's App Store and the Google Play store for Android that was quietly harvesting users' address book contacts and sending them to the developer's servers. The developer's systems were then sending text messages to those contacts advertising the application, with the "From" field being spoofed with the original user's mobile phone number.


The application, Find and Call, ended up primarily targeting Russian users due to its use of the Russian language in the app description, but the app was available in App Stores around the world. The report notes that while there have been previous incidents of personal information being transmitted inappropriately from App Store apps, this appears to be the first time that such information has been used in a malicious manner.
Malware in the Google Play is nothing new but it’s the first case that we’ve seen malware in the Apple App Store. It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago. But the main issue here is user’s privacy again. It’s not for the first time when we see incidents related to user’s personal data and its leakage. And it’s for the first time when we have confirmed case of malicious usage of such data.
In several updates to the original post, Kaspersky Lab notes that spam invites are also being sent via email. One user was also able to get in touch with the application's author, who claims that the behavior is a bug, although the explanation certainly appears to be suspect.

It now appears that Apple has removed Find and Call from the App Store, as links to the app in the U.S. and Russian App Stores show that it is unavailable. The app did exist for some time, however, as it debuted in the App Store on June 13.

Apple has been working to limit third-party apps' access to personal data, and will be rolling out enhanced permission requirements in iOS 6 to alert users when their data is being accessed.

Update: Apple has issued a statement to The Loop acknowledging that it has pulled the app.
“The Find & Call app has been removed from the App Store due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines,” an Apple representative told The Loop.


[ 120 comments ]


Top Rated Comments

(View all)

Avatar
Richdmoore
89 months ago
I hope apple uses it's "kill switch" to delete this app from those phones that have already downloaded the app.
Rating: 35 Votes
Avatar
RoelJuun
89 months ago
The first question that pops up in my mind is; how got it in the app store in the first place.
Rating: 21 Votes
Avatar
Skika
89 months ago

This would never have happened if Steve Jobs was still with us. :eek:


The only way i can make it through the day without suicide is convincing myself that people like you are just trolls.
Rating: 21 Votes
Avatar
Mad-B-One
89 months ago

Why are people acting like there hasn't been malware on the iPhone before? About two months ago, I had malware that quietly changed whatever phone number was the top of my Favorites list to a 1-800 number I didn't recognize. Delete that entry from my Favorites list, and two seconds later, whatever the new top number was on my Favorites changed to that 1-800 number. I ended up wiping and reinstalling iOS, and the problem went away.

This started up after I got a spam SMS message.

Anybody else seen this?


Do you have a JB phone?
Rating: 18 Votes
Avatar
ouimetnick
89 months ago

I hope apple uses it's "kill switch" to delete this app from those phones that have already downloaded the app.


In this case, thats a good idea. If all the app does is spam, spam, and spam, then kill it. Was this a free app? If not, they should take the money from the developer's account (if he has received it already) and return it to the people who downloaded this app.
Rating: 17 Votes
Avatar
chainprayer
89 months ago
Is it just me, or is anyone else wanting to see the kill switch in action? :-P
Rating: 16 Votes
Avatar
Mr. Gates
89 months ago
"In soviet Russia .......Apps Download YOU !"


Rating: 14 Votes
Avatar
darkslide29
89 months ago

The first question that pops up in my mind is; how got it in the app store in the first place.


Oh how I would hate to be that Quality Assurance Tester that signed off and accidentally let this one slip by. Especially if this really is the first incident in five years, as the article states.

But thinking about it further, there are a lot of apps that access the entire address book. A game like Words with Friends can access the address book, they just are trusted to NOT spam. This app probably went through, and the developer is being a **** by spamming after the fact.
If that's the case, I don't know how this can be stopped during the approval process.

Unless it's easy to see when an app is uploading address books to an outside server..
So many questions..
Rating: 12 Votes
Avatar
Mad-B-One
89 months ago

One user was also able to get in touch with the application's author, who claims that the behavior is a bug, although the explanation certainly appears to be suspect.


Yea, right: "I got all that contact info and didn't know what to do. So, I started to advertise my App to them impersonating you. That clearly was a bug!"

It's like the situation where the husband walks in on the pool boy and his wife: "Oh, I understand! She was changing, you were taking a leak and when you stumbled, you both tripped 10 feet and landed naked on top of each other in the bed. Time for you to accidently fall 20 times backwards into my kitchen knife! Surely no problem for someone that clumsy."
Rating: 11 Votes
Avatar
darkslide29
89 months ago
Funny, I got some malware last week. All of a sudden this app wiped all of the email addresses in my address book, and replaced them with an @facebook.com email address.

Oh wait that was the official Facebook app and it's still up :p
Rating: 10 Votes

[ Read All Comments ]