Click here for the best deals, brought to you by HP and PhoneArena
iOS Apple Apps

Researchers tricked Apple into approving an app loaded with malware

Alan F. posted by Alan F.   /  Aug 18, 2013, 12:53 PM
Researchers tricked Apple into approving an app loaded with malware
Researchers at Georgia Tech managed to get an app approved by Apple and posted on the Apple App Store. But unlike other apps, this one was a ticking time bomb. Inside the app, researchers placed fragments of code that were programmed to come together and assemble itself into malware. The program, aptly code named Jekyll, could send emails, tweets and texts under the radar while at the same time it could grab a device's ID number, steal personal information, take pictures and attack other apps. And it could even send mobile Safari to a page containing even more malware. In other words, this app could have been an iPhone user's worst nightmare.

The good news is that the researchers quickly took down the listing after it was posted for just a few minutes back in March. No innocent iPhone installed the app. The Georgia Tech team, on the other hand, downloaded the program and infected their own device. The researchers were able to tell that Apple ran the program for only a few seconds before giving it a stamp of approval. Unless it ran the app for a longer period of time, Apple would never know about the malware because the bad code was hidden in separate small "code gadgets" hidden by a legitimate app. Once the app was approved, the code was designed to stitch together to form the troublesome malware that could wreak havoc on an iPhone.

Apple's review process is not doing enough to safeguard the App Store. That is the message that researchers are broadcasting following the ruse. Long Lu, a member of the research team says, "The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen." Lu adds that it is possible that some apps on the App Store are malware and have just not yet been detected.

source: MITTechnologyReview via GIGaom

FEATURED VIDEO

Options

57 Comments

Kelley71
Reply

1. Kelley71

Posts: 105; Member since: Nov 26, 2012

Sane time?

posted on Aug 18, 2013, 12:57 PM

gazmatic
Reply

2. gazmatic

Posts: 822; Member since: Sep 06, 2012

at least now the app store would be safer going ahead i dont think apple wants this kind of publicity hopefully

posted on Aug 18, 2013, 1:03 PM

quadrazeus
Reply

3. quadrazeus

Posts: 359; Member since: May 03, 2013

My cousin tricked Google into approving an app loaded with malware. And he's just 17, lol.

posted on Aug 18, 2013, 1:05 PM

Sauce unregistered
Reply

4. Sauce unregistered

I don't think anyone has to even 'trick' Google into getting malware onto the Play Store.

posted on Aug 18, 2013, 1:10 PM

nerdylish
Reply

5. nerdylish

Posts: 51; Member since: Apr 13, 2013

Anybody can do that :P

posted on Aug 18, 2013, 1:12 PM

maysider
Reply

9. maysider

Posts: 38; Member since: Aug 11, 2013

I can even rob you in the street= freedom With iOS you have fascism

posted on Aug 18, 2013, 1:31 PM

PhoneArenaUser
Reply

10. PhoneArenaUser

Posts: 5498; Member since: Aug 05, 2011

You said that in defence of Apple? :D

posted on Aug 18, 2013, 1:39 PM

quadrazeus
Reply

51. quadrazeus

Posts: 359; Member since: May 03, 2013

No. :D

posted on Aug 19, 2013, 12:10 AM

PhoneArenaUser
Reply

53. PhoneArenaUser

Posts: 5498; Member since: Aug 05, 2011

Common, you did that as tedkord says in his comment #26. :D

posted on Aug 19, 2013, 2:55 AM

PapaSmurf
Reply

12. PapaSmurf

Posts: 10457; Member since: May 14, 2012

Now that I've realized this, why even mention the Play Store when this is a App Store article...?

posted on Aug 18, 2013, 1:47 PM

Shatter
Reply

13. Shatter

Posts: 2036; Member since: May 29, 2013

because IOS is said to have a lower chance of getting a virus and very few apps with it in the store while this proves that anybody can do it and get it past apple..

posted on Aug 18, 2013, 2:04 PM

PapaSmurf
Reply

45. PapaSmurf

Posts: 10457; Member since: May 14, 2012

You did everything but answer my question.

posted on Aug 18, 2013, 8:05 PM

tedkord
Reply

26. tedkord

Posts: 17469; Member since: Jun 17, 2009

Because they have a deep seated psychological need to excuse Apple, so they try to divert attention by throwing out anything they can about the enemy. It's a time honored tactic employed by school children the world over.

posted on Aug 18, 2013, 4:16 PM

PhoneArenaUser
Reply

40. PhoneArenaUser

Posts: 5498; Member since: Aug 05, 2011

100% to the target! :) +1

posted on Aug 18, 2013, 5:58 PM

quadrazeus
Reply

50. quadrazeus

Posts: 359; Member since: May 03, 2013

Freedom of speech. That's why.

posted on Aug 18, 2013, 10:56 PM

androidfanboy
Reply

11. androidfanboy

Posts: 162; Member since: Jun 24, 2013

Lol the apple fanboys are in denial haha

posted on Aug 18, 2013, 1:42 PM

Googler
Reply

14. Googler

Posts: 813; Member since: Jun 10, 2013

Those who don't think they need defenses are the most defenseless of all. App that attacks other apps, who knows what havoc this thing could have done if a true hacker had unleashed it.

posted on Aug 18, 2013, 2:33 PM

darkkjedii
Reply

16. darkkjedii

Posts: 31612; Member since: Feb 05, 2011

Major damage

posted on Aug 18, 2013, 2:53 PM

darkkjedii
Reply

15. darkkjedii

Posts: 31612; Member since: Feb 05, 2011

I think the pentagon needs to hire these researchers, man they've got skillz. Apple hire these guys!!!

posted on Aug 18, 2013, 2:50 PM

roscuthiii
Reply

18. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Very clever implementation indeed... they're probably being sequestered by the NSA as we speak (well, technically type).

posted on Aug 18, 2013, 2:59 PM

darkkjedii
Reply

21. darkkjedii

Posts: 31612; Member since: Feb 05, 2011

Wouldn't surprise me. Big brothers always watching.

posted on Aug 18, 2013, 4:01 PM

roscuthiii
Reply

17. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

There's not one thing Man can make that another can't break. All just a matter of time.

posted on Aug 18, 2013, 2:54 PM

gazmatic
Reply

19. gazmatic

Posts: 822; Member since: Sep 06, 2012

well said

posted on Aug 18, 2013, 3:09 PM

darkkjedii
Reply

22. darkkjedii

Posts: 31612; Member since: Feb 05, 2011

So true

posted on Aug 18, 2013, 4:01 PM

Taters
Reply

20. Taters

Posts: 6474; Member since: Jan 28, 2013

This is why Apple is one of the worst companies in the world. They cut costs on EVERYTHING, except lawsuits, including app testing when they have a 100 billion in the bank. How can the Apple fans not see that they are getting raped hard? Buying an Apple product is like going to the same restaurant and paying 20 bucks for a bowl of rice or instant noodles. Not only that, it is like not noticing that restaurant owner is swimming in money and not even inspecting the noodles before serving them. Then when asked by someone why they are paying $20 for a bowl of rice that costs cents and can be purchased elsewhere for $2 tops, they respond by it just works. I get full from that bowl of rice and it's simple. It's not cluttered with side dishes and stuff, you know, those things that add flavor to your meal. 0.o You guys are getting raped and they are laughing about ripping you off by swimming in their billions and only taking 20 seconds to inspect an app. Other companies that struggle to make a profit has an excuse, they can't afford to inspect more than 20 seconds. Apple can afford it easily and they still take all the short cuts they can get, more so than even poor companies. Wake up ifans.

posted on Aug 18, 2013, 3:33 PM

Sauce unregistered
Reply

23. Sauce unregistered

I understand how you feel because maybe you as an individual see it differently than the individuals who purchase products from Apple. These individuals do not care about spending that money on those products because 1) They have it and can throw it around. 2) They can afford it. 3) They budget to afford a product that they like. Individuals like yourself and I, and many others for example, are not like them so we turn to other items with a cheaper price. Then again, there are many phones just as expensive as Apple products, so it comes down to personal taste and choice. Open your eyes, there's a company and product for everyone. Apple happens not to be for you. Of course there are many other reasons that can be listed, but from reading your ignorance, this is what came off the top of my head.

posted on Aug 18, 2013, 4:05 PM

darkkjedii
Reply

24. darkkjedii

Posts: 31612; Member since: Feb 05, 2011

But the play store has lots of malware too. Being open source google regularly does not inspect apps before allowing them in. All companies are greedy, and money/power driven. Your post wasn't even necessary, cuz we already know how big business works. Apple, google, Samsung, and others practice it quite well. Build for low sell for high, can we say profit? Doesn't matter who's the greediest when they're all greedy, doesn't matter who profits the most when they all profit. Apple is google is Samsung. The worst companies though are cigarette, beer, food/soft drink ones. They package cancer, diabetes, heart disease, stroke, obesity, and other maladies. They sell them in the form of Pepsi, coke happy meals, and snickers. And you call apple one of the worst companies? Dude get real.

posted on Aug 18, 2013, 4:11 PM

VZWuser76
Reply

29. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

Just because Android is open source, does not mean the apps are. You can't take an app someone created and make tweaks to it, only the dev who wrote it can. Now the OS you can tweak or change to your hearts content, but if you fork the OS beyond what Google allows, you lose access to Google's services, including the Play Store. That's why many lower end Android models have their own app store, because they have altered the OS beyond what Google allows and lost access to the Play Store. If anything this is a good thing. Better the good guys finding this out than those who would use it to steal info, money, etc.

posted on Aug 18, 2013, 4:50 PM

Shatter
Reply

31. Shatter

Posts: 2036; Member since: May 29, 2013

Apple and Samsung give you radiation, food doesn't.

posted on Aug 18, 2013, 4:57 PM

darkkjedii
Reply

35. darkkjedii

Posts: 31612; Member since: Feb 05, 2011

No but tons of the foods we eat cause, cancer, obesity, gout, hypertension, diabetes etc. don't go there with me Shatter, keep it about tech. Health and fitness is my passion, I know my stuff...trust me on that.

posted on Aug 18, 2013, 5:36 PM

* Some comments have been hidden, because they don't meet the discussions rules.

view all comments
Want to comment? Please Log in or sign up.

Featured stories

Apple-to-name-iPhone-SE-sequel-iPhone-9
Apple's next handset will reportedly be the iPhone 9
OnePlus-8-Lite-renders-surface
Fresh renders reveal a return to the mid-range sector for OnePlus
Best-ANC-wireless-earphones-price-battery-life
Best wireless earbuds with active noise cancellation
samsung-galaxy-note-10-lite-battery-size-larger-than-note-10-plus
Samsung's Galaxy Note 10 Lite has a bigger battery than the Note 10+ (yes, really)
Half-of-the-iPhone-12s-screen-may-become-Touch-ID-as-a-Face-ID-redundancy
In iPhone 12, a Touch ID and Face ID marriage of convenience
samsung-galaxy-s11-galaxy-fold-clamshell-camera-specs-report
Huge Galaxy S11 and 'Galaxy Fold clamshell' camera upgrades revealed in credible new report
Samsung-Galaxy-S11-Plus-battery-leak
The Samsung Galaxy S11+ battery has leaked and it's massive
Apple-iPhone-2020-2021-plans
Apple to launch five iPhones in 2020, iPhone without ports in 2021

Popular stories

Over-100-million-Americans-had-their-personal-data-exposed-in-major-text-data-breach
Over 100 million Americans had their personal data exposed in major text data breach
Download-FitbitOS-4.1-update-Versa-smartwatches
Fitbit OS 4.1 update rolling out to all compatible smartwatches in the US
108MP-camera-photos-xiaomi-mi-note-10-samsung-galaxy-s11
Testing this 108MP camera makes me wish the Samsung Galaxy S11 DOESN'T have one
sams-club-deals-gift-card-iphone-11-galaxy-note-10-more
Sam's Club is preparing another stunning deal on the latest iPhones and Samsung flagships
samsung-motorola-razr-foldable-rival-price-release-rumor
Samsung's imminent Motorola Razr rival might be a lot cheaper than you expect
google-pixel-4-att-deal-new-line-monthly-installments
Here's how you can get Google's Pixel 4 at a measly $150 overall (no trade-in required)
Motorola-imagines-a-foldable-Razr-with-modular-attachments
Motorola depicts a foldable Razr with modular attachments
Samsung-Galaxy-S11-Plus-battery-leak
The Samsung Galaxy S11+ battery has leaked and it's massive

Hot phones

Latest Stories

View more
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.