Apple Pulls Russian SMS Spam App from App Store [Updated]
Earlier today, Russian security firm Kaspersky Lab reported that it had been alerted to an app available in both Apple's App Store and the Google Play store for Android that was quietly harvesting users' address book contacts and sending them to the developer's servers. The developer's systems were then sending text messages to those contacts advertising the application, with the "From" field being spoofed with the original user's mobile phone number.
The application, Find and Call, ended up primarily targeting Russian users due to its use of the Russian language in the app description, but the app was available in App Stores around the world. The report notes that while there have been previous incidents of personal information being transmitted inappropriately from App Store apps, this appears to be the first time that such information has been used in a malicious manner.
Malware in the Google Play is nothing new but it’s the first case that we’ve seen malware in the Apple App Store. It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago. But the main issue here is user’s privacy again. It’s not for the first time when we see incidents related to user’s personal data and its leakage. And it’s for the first time when we have confirmed case of malicious usage of such data.
In several updates to the original post, Kaspersky Lab notes that spam invites are also being sent via email. One user was also able to get in touch with the application's author, who claims that the behavior is a bug, although the explanation certainly appears to be suspect.
It now appears that Apple has removed Find and Call from the App Store, as links to the app in the U.S. and Russian App Stores show that it is unavailable. The app did exist for some time, however, as it debuted in the App Store on June 13.
Apple has been working to limit third-party apps' access to personal data, and will be rolling out enhanced permission requirements in iOS 6 to alert users when their data is being accessed.
Update: Apple has issued a statement to The Loop acknowledging that it has pulled the app.
“The Find & Call app has been removed from the App Store due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines,” an Apple representative told The Loop.
Popular Stories
Following nearly two years of rumors about a fourth-generation iPhone SE, The Information today reported that Apple suppliers are finally planning to begin ramping up mass production of the device in October of this year. If accurate, that timeframe would mean that the next iPhone SE would not be announced alongside the iPhone 16 series in September, as expected. Instead, the report...
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Apple supply chain analyst Ming-Chi Kuo today shared alleged specifications for a new ultra-thin iPhone 17 model rumored to launch next year. Kuo expects the device to be equipped with a 6.6-inch display with a current-size Dynamic Island, a standard A19 chip rather than an A19 Pro chip, a single rear camera, and an Apple-designed 5G chip. He also expects the device to have a...
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Apple’s iCloud Private Relay service is down for some users, according to Apple’s System Status page. Apple says that the iCloud Private Relay service may be slow or unavailable. The outage started at 2:34 p.m. Eastern Time, but it does not appear to be affecting all iCloud users. Some impacted users are unable to browse the web without turning iCloud Private Relay off, while others are...
Apple is planning to release at least one iPhone 17 model next year with mechanical aperture, according to a report published today by The Information. The mechanical system would allow users to adjust the size of the iPhone 17's aperture, which refers to the opening of the camera lens through which light enters. All existing iPhone camera lenses have fixed apertures, but some Android...
