Connect with us

Hi, what are you looking for?


Mobile & Wireless

Third-Party App Store Slips Inside iOS App Store

A third-party app store application managed to slip into the official iOS App Store by masquerading as a legitimate financial helper application, according to Trend Micro researchers.

A third-party app store application managed to slip into the official iOS App Store by masquerading as a legitimate financial helper application, according to Trend Micro researchers.

Dubbed “Household Accounts App” and claiming to be a financial helper app for families, the application is designed with Japanese characters, but the app store it leads to is written in Mandarin Chinese. The researcher discovered the program in the App Store of multiple countries and couldn’t determine exactly who it targets.

When launched for the first time, the application checks the PPAASSWOpenKey key in the system’s user preference plist, which allows it to determine if it has run before, because the key doesn’t exist if it hasn’t, the researchers explain. Next, the app switches to the else branch, which requests the right to use data to access the third-party store, but the user has to approve the request.

The third-party store can be used to install not only applications in the official iOS App Store, but also those that are distributed via unofficial channels, thus potentially exposing users to mobile malware and other unwanted applications. One of the programs distributed via this portal is “PG Client,” a tool for jailbreaking iOS devices.

In addition to this third-party store, the security researchers found a program designed to promote applications already in the App Store. Dubbed “LoveApp”, the software could bypass Apple’s arrangement of apps in searches and the paid Search Ads option and could create revenue by charging developers looking to promote apps without using Apple’s promotion service.

LoveApp was found to abuse iOS APIs that allow developers to display their app’s page, but did that to direct users from its own listing to the App Store listing of the promoted apps. This app also has a series of privacy issues, because the app was found to upload some user attributes to its servers at installation, including advertising identifier (idfa), which is used to count the number of downloads.

The app also uses a third-party SDK called TalkingData to gather information about the user’s behavior. The SDK has many aggressive API calls and can acquire various information about the user’s system, such as the Wi-Fi network name, running processes, and IP address. On jailbroken devices, it can also gather the user’s Apple ID and installed apps.

Advertisement. Scroll to continue reading.

“We recommend that users be careful about downloading apps from third-party app stores. Apple can’t endorse the safety of any of the apps delivered via third-party stores, and such is the case here: users are still exposing themselves to various security threats (including malware and other unwanted apps). Organizations should put in place policies to reduce the risk from these malicious apps, such as blocking unapproved app stores and safeguarding personal devices,” Trend Micro notes.

Related: Millions of iOS Users Install Adware From Third-Party App Store

Related: Pirated App Store Client Slips Into Apple’s Official App Store

Related: Rogue App Store Targets Non-Jailbroken iOS Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.