Printed from http://www.electronista.com

Researchers get malware app approved by Apple

updated 06:15 am EDT, Mon August 19, 2013

More questions raised about Apple app approval process

The security of Apple's App Store approval process has had its credibility challenged following revelations that it approved an app that was submitted by researchers with remotely assembled malware hidden in its code. According to Technology Review, the team from Georgia Tech monitored the app throughout the approval process and found that Apple only ran the app for a few seconds before approving it. This did give Apple the time to detect the malicious code which subsequently assembled into malware that could steal personal information, device IDs, photos as well as send texts and emails.

"The app did a phone-home when it was installed, asking for commands. This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed," said Long Lu, a member of the team at Georgia Tech, led by Tielei Wang. "The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen," Lu asserted.

In May this year one of our editors, Sanjiv Sathiah, reported discovering two fake apps that had slipped through Apple's app approval process. Apple removed the apps upon being notified of their existence. At the time, MacNN contacted Apple regarding the two fake apps and spoke to Apple spokesperson Jesse James. James was not prepared to comment on how the apps were able to slip through Apple's app approval process, but was only prepared to state that the "Apple App Store is the only curated app store in the world."



By Electronista Staff

Comments

  1. msuper69

    Professional Poster

    Joined: 01-16-00

    I wonder if Apple will trigger the kill switch for this app.

  1. prl99

    Dedicated MacNNer

    Joined: 03-24-09

    Developers complain about how long it takes to get their apps approved. Now this process will take even longer to make sure apps like this "research" app don't get through. I can see Apple shutting down the approval process like they did the developer website to change the entire process. I hope this team contacted Apple before spreading it all over the web. Wait, why would they? If they did, they wouldn't get the recognition they were looking for.

  1. hayesk

    Professional Poster

    Joined: 09-17-99

    App reviews are held by regular people. And they don't have magic "code-monitoring" apps to watch if bad things happen (how do you define a "bad thing" anyway).

    Sometimes some get through, but when discovered, they are pulled pretty quickly.

  1. azrich

    Fresh-Faced Recruit

    Joined: 04-19-10

    prl99- check out the linked article. It says there that the only devices the app was installed on were the researcher's own, where the malware worked as designed. The article also says they took it down before anyone else could get it. I don't think these are glory seekers so much, but that's just my take on it.

    I'm glad these guys were the first to get one like this through vs some real bad coders. This shows the complexity of security in this day and age. It reminds me of messages encoded in JPG images being sent between spies.

  1. Marook

    Forum Regular

    Joined: 05-05-99

    Hmm, as far as I know, you are NOT allowed to fetch/build code not already in the App, so by doing this, they broke the developer agreement.. That's also why Java & Flash are not allowed!

    Wonder how they did that..

  1. prl99

    Dedicated MacNNer

    Joined: 03-24-09

    azrich--it's called Steganography and I wonder if malware detection software actually checks for these types of things.

  1. YangZone

    Fresh-Faced Recruit

    Joined: 05-24-00

    Knock-knock...

  1. Sandman619

    Fresh-Faced Recruit

    Joined: 07-28-06

    The issue here is that Apple's iOS terms do not permit apps to download remote code. This is probably more of an honor system, since there probably isn't any way to prevent this from happening, since it is controlled on the developer side. Apps designed this way would be hard to detect, since the developer would not execute such code until after the app is approved. Apple would probably need to conduct a post-approval app review if they want to catch these apps.

  1. broohaha22

    Fresh-Faced Recruit

    Joined: 07-07-06

    "This did give Apple the time to detect the malicious code which subsequently assembled into malware that could steal personal information, device IDs, photos as well as send texts and emails."

    I think this should have said "This did NOT give Apple the time to detect the malicious code...."
