Apple addresses "Masque Attack" concerns - says there's nothing to fear

A few days ago, we talked about Masque Attack – a way for evildoing folks to install a worm into one's iDevice and mask it behind a legit app, such as Gmail. As scary as it sounds, it still requires users to follow a link, in order to get to a site and download the malware, and ignore a warning prompt, which will inform them that the app that's about to be installed should not be trusted.

Yes, it may sound unlikely to you that anyone would ever follow a shady link and then choose to trust an obviously untrustworthy source, but hey – it's a big, big world, and in it – there are a lot of gullible folks – or just children, playing on their parents' iDevices. Also, enterprise apps need to be installed from proprietary sources, not the App Store, so theoretically – it's possible that a phone could be infected in that manner as well.

So, Apple has now acknowledged the Masque Attack method and has dedicated a page on its support website, citing the dos and don'ts of installing enterprise apps from a 3rd party website. Here's a synopsis: If you see the “Untrusted App Developer” warning prompt – click “Don't Trust” and get the app out of your phone faster than you throw a burning coal off of your lap.

On the matter, Apple told the guys over at iMore:



So there you go kids. Don't go following a shady message that reads "OMG, this game is wayy better than Flappy Bird *questionable link here*" and you should be fine.


source: Apple via iMore