“This is an excellent catch,” says Will Strafach, founder of Sudo Security Group and developer of the Guardian Firewall app for iOS.I've never had a problem with Apple's 30% fee. While not unheard of on iOS, it’s much more rare, especially with this level of sophistication. Security firm ESET announced just yesterday that it found 42 Google Play Store adware apps, downloaded millions of times. Apple’s been through that on a larger scale than this in 2015, some developer forums hosted versions of its Xcode software tool with data-stealing code appended to it, resulting in dozens of infected apps sneaking onto devices.Īdware’s a less severe problem, and again, it’s downright endemic to Android. Developers sometimes incorporate code from third-party or unauthorized sources to build out their apps borrowing from the wrong bin can easily-and accidentally-turn a speedometer app into something malicious. And in fairness, it’s entirely plausible that they had no idea that its apps were behaving this way. In an email, AppAspect Technologies pleaded ignorance, saying that it only found out about the issue after Apple had removed its apps, and that it’s working its way back to compliance. At that point, it would reach out to its boss-the command and control server-which would instruct the app to turn your iPhone into an invisible click farm. If you downloaded one of these apps, it would act perfectly normal until it was reasonably confident that you’re a genuine mark. More important, in this case it was effective. In this case, the presence of a SIM card indicates that the phone belongs to a real person rather than a security researcher-or one of the many humans that screen apps for App Store approval. “They had the intelligence to not just wait a few days, but to actually wait for other pieces of context to line up in the way that the developer wanted them to,” Covington says. And while the worst effects you’d feel as a victim in this case would be a quicker battery drain and a higher data bill, this latest wave of iOS malware is most notable not for what it does but for how it got there. That sort of adware makes regular appearances on Android, in part because that platform’s third-party app stores are riddled with bad actors. Instead, the apps, which ranged from a calculator to a yoga pose repository, ran invisible ads in the background of the device, generating phony website clicks to inflate ad revenues. While they were live, they didn’t steal data or gain control of a victim’s device, behavior that other recent iOS fumbles could have enabled. The malicious apps-17 of which were discovered by mobile security company Wandera, all from the same developer, while Apple spotted another using the same technique-have already been taken down. But things do slip through the cracks-including 18 apps that used evasive maneuvers to sneak past Apple’s defenses. Despite some recent pronounced lapses, the iPhone remains one of the most secure consumer devices you can buy, thanks in large part to the locked-down ecosystem of the iOS App Store.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |