Despite Apple’s claims that the App Store is a “safe place you can trust,” it seems that some developers still find ways to bypass the company’s review process to distribute fraudulent apps to iPhone, iPad, and Mac users. This time, a researcher identified as “Privacy1St” (Alex Kleber) has shared a report about multiple Chinese apps that have fooled the App Store review team.
Apps can trick the App Store review team
The report was shared in a post on Medium and was also supported by security researcher and former NSA staffer Patrick Wardle. The investigation examined seven different Apple developer accounts that are allegedly managed by the same Chinese developer. These apps, according to the report, abuse the App Store guidelines in many different ways.
As noted by the researcher, most of these apps contain hidden malware that can receive commands from a server. This way, the malicious code waits for the app to be approved in the App Store before it goes live. This technique lets developers change even the entire app interface remotely so that Apple will see a completely different app than the one that will be shipped to users.
Although the apps were released by different developer accounts, they all establish communications with domains using services like Cloudflare and GoDaddy in order to hide their hosting provider. Interestingly, the Privacy Policy website of these apps redirects users to public webpages created with Google Sites.
Another aspect of these apps’ code that connects them to the same developer is that they all use the same password to decrypt a JSON file used to mislead the App Store review team. In some cases, this developer has released basically the same app under different accounts, so that these apps can reach and trick even more users.
Fake reviews and more
As noted by the report, one of these apps is a “PDF Reader” that was listed as one of the most downloaded apps in the US Mac App Store. Once downloaded, the app tricks users into paying for a subscription plan. But the whole scheme goes far beyond this, as all these apps have a suspicious number of positive reviews amidst negative reviews claiming that the apps don’t work.
Of course, these positive reviews are fake and bought by the developer to make regular users believe that the app is legitimate. Since the report was published, Apple has removed most of the fake reviews of these apps. Some of the malicious apps also seem to have been removed from the Mac App Store.
Last month, Apple said the App Store stopped “nearly $1.5 billion in fraudulent transactions in 2021” thanks to the App Store review team. However, this is not the first or second time that researchers have shown that the App Store is still highly susceptible to scam apps. In the meantime, Apple keeps saying that the sideloading process is the real enemy of users.