Researchers Show How Apple's App Approval Process Can Be Beaten by Malicious Apps
Researchers from Georgia Tech submitted to the App Store and received approval for a malicious app, according to Technology Review. The researchers submitted an innocuous app that included inactive malware-type code hidden from Apple's app approval system.
When downloaded onto a test device after the app was approved, the app 'phoned home' and gained a variety of abilities that compromised the host phone.
This malware, which the researchers dubbed Jekyll, could stealthily post tweets, send e-mails and texts, steal personal information and device ID numbers, take photos, and attack other apps. It even provided a way to magnify its effects, because it could direct Safari, Apple’s default browser, to a website with more malware.
The researchers, including Long Lu, a Stony Brook University researcher who was part of the team at Georgia Tech, only put the app on the App Store very briefly and it was not downloaded by anyone other than research team members.
The team said that using monitoring code built into the app, they determined that Apple's app approval team only ran the app for a few seconds and that malicious code was not discovered by Apple's team. "The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen," said Lu.
Apple spokesman Tom Neumayr told Technology Review that the company made some changes to the iOS operating system in response to the paper, though he did not specify what the changes were.
Popular Stories
Apple's iPhone 17 Pro and iPhone 17 Pro Max should be unveiled in a few more weeks, and there are plenty of rumors about the devices.
Below, we recap key changes rumored for the iPhone 17 Pro models:
Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X through iPhone 14 Pro...
We're only weeks away from Apple's annual iPhone event – rumored to take place on September 9 – and along with the new iPhone 17 series, we're going to get a new version of the Apple Watch Ultra for the first time since 2023.
By the time the Ultra 3 is unveiled, it will have been two years since the previous model arrived. The intervening period has left plenty of room for enhancements,...
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps.
This week, Apple announced the 10th U.S. state that has implemented the feature: Montana.
Below, we have recapped key details about...
Apple's iPhone 17 series is expected to debut in September 2025. This release follows Apple's recent trend of introducing new iPhone models annually in the fall.
To unveil the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max, Apple is expected to hold its annual iPhone announcement event during the week of September 8, 2025, with September 9 or 10 emerging as the most likely...
Apple today raised the monthly price of its Apple TV+ streaming service to $12.99 in the U.S., according to 9to5Mac's Benjamin Mayo.
Apple TV+ cost just $4.99 per month in the U.S. when it launched in 2019, but the price has now increased three times. The price went up to $6.99 per month in 2022, and then to $9.99 per month in 2023, and now the service costs $12.99 per month. The latest...
Apple is designing new "TechWoven" cases for the iPhone 17, with photos of some of the alleged case colors shared today by leaker Majin Bu.
The cases feature a muted, fabric design in colors that appear to include black, blue, green, purple, and orange. The TechWoven cases will reportedly replace the fabric-like FineWoven casesthat Apple discontinued with the iPhone 16 launch. The FineWoven...
