Researchers Show How Apple's App Approval Process Can Be Beaten by Malicious Apps

by

NewImageResearchers from Georgia Tech submitted to the App Store and received approval for a malicious app, according to Technology Review. The researchers submitted an innocuous app that included inactive malware-type code hidden from Apple's app approval system.

When downloaded onto a test device after the app was approved, the app 'phoned home' and gained a variety of abilities that compromised the host phone.

This malware, which the researchers dubbed Jekyll, could stealthily post tweets, send e-mails and texts, steal personal information and device ID numbers, take photos, and attack other apps. It even provided a way to magnify its effects, because it could direct Safari, Apple’s default browser, to a website with more malware.

The researchers, including Long Lu, a Stony Brook University researcher who was part of the team at Georgia Tech, only put the app on the App Store very briefly and it was not downloaded by anyone other than research team members.

The team said that using monitoring code built into the app, they determined that Apple's app approval team only ran the app for a few seconds and that malicious code was not discovered by Apple's team. "The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen," said Lu.

Apple spokesman Tom Neumayr told Technology Review that the company made some changes to the iOS operating system in response to the paper, though he did not specify what the changes were.

Popular Stories

Apple Watch Ultra Night Mode Screen

Apple Watch Ultra 3 Launching Later This Year With Two Key Upgrades

Wednesday July 2, 2025 1:13 pm PDT by
The long wait for an Apple Watch Ultra 3 appears to be nearly over, and it is rumored to feature both satellite connectivity and 5G support. Apple Watch Ultra's existing Night Mode In his latest Power On newsletter, Bloomberg's Mark Gurman said that the Apple Watch Ultra 3 is on track to launch this year with "significant" new features, including satellite connectivity, which would let you...
Read Full Article96 comments
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Max Battery Capacity Leaked

Thursday July 3, 2025 5:40 am PDT by
The iPhone 17 Pro Max will feature the biggest ever battery in an iPhone, according to the Weibo leaker known as "Instant Digital." In a new post, the leaker listed the battery capacities of the iPhone 11 Pro Max through to the iPhone 16 Pro Max, and added that the iPhone 17 Pro Max will feature a battery capacity of 5,000mAh: iPhone 11 Pro Max: 3,969mAh iPhone 12 Pro Max: 3,687mAh...
Read Full Article112 comments
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 14 New Features

Friday July 4, 2025 1:05 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are just over two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:Apple logo repositioned: Apple's logo may have a lower position on the back of the iPhone 17 Pro models, compared to previous...
Read Full Article46 comments
iPhone 17 Pro Lower Logo Magsafe

iPhone 17 Pro's New MagSafe Design Revealed in Leaked Photo

Wednesday July 2, 2025 8:37 am PDT by
The upcoming iPhone 17 Pro and iPhone 17 Pro Max are rumored to have a slightly different MagSafe magnet layout compared to existing iPhone models, and a leaked photo has offered a closer look at the supposed new design. The leaker Majin Bu today shared a photo of alleged MagSafe magnet arrays for third-party iPhone 17 Pro cases. On existing iPhone models with MagSafe, the magnets form a...
Read Full Article77 comments
airpods pro 2

AirPods Pro 3 to Help Maintain Apple's Place in Earbud Market Amid Increasing Low-Cost Competition

Thursday July 3, 2025 7:25 am PDT by
Apple's position as the dominant force in the global true wireless stereo (TWS) earbud market is expected to continue through 2025, according to Counterpoint Research. The forecast outlines a 3% year-over-year increase in global TWS unit shipments for 2025, signaling a transition from rapid growth to a more mature phase for the category. While Apple is set to remain the leading brand by...
Read Full Article33 comments
Wi Fi WiFi General Feature

iOS 26 Adds a Useful New Wi-Fi Feature to Your iPhone

Wednesday July 2, 2025 6:36 am PDT by
iOS 26 and iPadOS 26 add a smaller yet useful Wi-Fi feature to iPhones and iPads. As spotted by Creative Strategies analyst Max Weinbach, sign-in details for captive Wi-Fi networks are now synced across iPhones and iPads running iOS 26 and iPadOS 26. For example, while Weinbach was staying at a Hilton hotel, his iPhone prompted him to fill in Wi-Fi details from his iPad that was already...
Read Full Article25 comments
iOS 18

Apple Releases Second iOS 18.6 Public Beta

Tuesday July 1, 2025 10:19 am PDT by
Apple today seeded the second betas of upcoming iOS 18.6 and iPadOS 18.6 updates to public beta testers, with the betas coming just a day after Apple provided the betas to developers. Apple has also released a second beta of macOS Sequoia 15.6. Testers who have signed up for beta updates through Apple's beta site can download iOS 18.6 and iPadOS 18.6 from the Settings app on a compatible...
Read Full Article12 comments

Top Rated Comments

Shrink Avatar
Shrink
155 months ago
I've come to a conclusion that all these analysts / researchers lack any thrill in their lives ..all they want to see is apple or any other company fail ..
I don't understand how pointing out a flaw that can be fixed represents a desire to see Apple fail.:confused:
Score: 12 Votes (Like | Disagree)
rmwebs Avatar
rmwebs
155 months ago
Sorry, I thought this was already public knowledge. Any app developer can embed malicious code, then have it 'turn on' at a specific time. There is no code check, Apple only launch the app - they never get a copy of the source code of each app so have no way of knowing what's inside of it.

The only way this will ever change is if the compilation of the apps is done on Apple servers.
Score: 11 Votes (Like | Disagree)
darster Avatar
darster
155 months ago
Hats off to Georgia Tech!
Score: 8 Votes (Like | Disagree)
Dr McKay Avatar
Dr McKay
155 months ago
Brace yourself. This Thread is about to turn into such a heated debate not even the Marshmallows will survive. :cool:
Score: 7 Votes (Like | Disagree)
JayCee842 Avatar
JayCee842
155 months ago
Fortunately with Apple's system - if something malicious is discovered it can be quickly pulled before harming anyone else.

Try getting the word out about a bad program and having it's website pulled. Much tougher as proven by all the spyware windows applications available.

Too bad this malicious malware wasn't discovered.
Score: 5 Votes (Like | Disagree)
fluchtpunkt Avatar
fluchtpunkt
155 months ago
As long as they reported the issue to Apple privately long before dangling a treat in front of criminals.

Well, the fact that you can deactivate malicious code in your app until your app passed Apples review is well known to basically everyone who writes software.

Does anybody remember HiddenApps (https://www.macrumors.com/2013/03/11/hiddenapps-hides-stock-apps-iads-and-more-on-non-jailbroken-ios-devices/), the app that could be used to hide app icons on your device?
That app fetched a file from a webserver, if the file said "hide malicious code" the app showed some useless tricks on how to save battery. Once the app passed review the file said "do evil stuff" and the app executed the parts that would have lead to an rejection immediately.

There is no way to catch all evil code in an App. Not even access to the source code will make you a hundred percent safe. Because you have to read and understand it all to make a judgement. Ain't nobody got time for that.
Score: 4 Votes (Like | Disagree)
Read All Comments