Cracks Begin to Show in the Security of Apple’s App Store


Apple’s ecosystem is sometimes called a ‘walled garden’ because of how tightly Apple controls every aspect of it. That includes a great team of reviewers who look over every single submission and update for the more than 2 million apps in its App Store.

That review process can be frustrating, and in the past hackers have tried to trick developers in order to get malicious code past the reviewers. Now it appears that the review process itself is not infallible after all: two malicious apps that steal money through in-app purchases made it into the App Store.

Here’s what is going on

One app that 9to5Mac put the spotlight on uses the iPhone fingerprint scanner to trick its users into making purchases they didn’t intend to. The app tells users that it can read their heart rate through their fingerprint.

That is impossible for the hardware on the iPhone to do; it was all a trick to get the user to hold their finger on the Touch ID scanner, which would then approve the in-app purchase the scammer wanted. This could be up to $120 at a time from your credit card.

A similar app called “Fitness Balance” was also shared on Reddit over the weekend; it too tricked its users into putting their finger on the Touch ID sensor to scam them out of their money with fraudulent in-app purchases.

The apps which were discussed on Reddit and by 9to5Mac have since been removed from the App Store.

Apple and the App Store

As revenue from the App Store becomes a more central part of Apple’s business strategy, scams are only going to increase in deviousness and frequency. The Cupertino-based company has recently refocused its investors' attention on its online services and has said that it will stop publicly revealing iPhone sales figures.

Apple is encouraging developers to start using subscription models for their apps so that they can collect regular recurring revenue, and this opens the door to scams. Are apps with in-app purchase functions given less scrutiny in the review process? Apple’s CEO Tim Cook has gone on record saying that “We are looking at every app in detail. What it is doing, is it doing what it’s supposed to be doing, is it meeting the privacy policy that they are stating, right?”

Some apps are falling through the cracks in the human review process. But still, two apps that we know of out of millions isn’t that bad. Google’s Play Store also had a recent wave of malware, with over 500,000 users affected.

