SecurityWeek

Third-Party App Store Slips Inside iOS App Store

A third-party app store application managed to slip into the official iOS App Store by masquerading as a legitimate financial helper application, according to Trend Micro researchers.

Dubbed “Household Accounts App” and claiming to be a financial helper app for families, the application is designed with Japanese characters, but the app store it leads to is written in Mandarin Chinese. The researchers discovered the program in the App Stores of multiple countries and couldn’t determine exactly who it targets.

When launched for the first time, the application checks the PPAASSWOpenKey key in the system’s user preference plist to determine whether it has run before; the key doesn’t exist if it hasn’t, the researchers explain. In that case, the app switches to the else branch, which requests the right to use data to access the third-party store, a request the user has to approve.

The third-party store can be used to install not only applications in the official iOS App Store, but also those that are distributed via unofficial channels, thus potentially exposing users to mobile malware and other unwanted applications. One of the programs distributed via this portal is “PG Client,” a tool for jailbreaking iOS devices.

In addition to this third-party store, the security researchers found a program designed to promote applications already in the App Store. Dubbed “LoveApp”, the software could bypass Apple’s arrangement of apps in searches and the paid Search Ads option and could create revenue by charging developers looking to promote apps without using Apple’s promotion service.

LoveApp was found to abuse the iOS APIs that allow developers to display their app’s page, using them to direct users from its own listing to the App Store listings of the promoted apps. The app also has a series of privacy issues: at installation, it uploads some user attributes to its servers, including the advertising identifier (idfa), which is used to count the number of downloads.

The app also uses a third-party SDK called TalkingData to gather information about the user’s behavior. The SDK has many aggressive API calls and can acquire various information about the user’s system, such as the Wi-Fi network name, running processes, and IP address. On jailbroken devices, it can also gather the user’s Apple ID and installed apps.

“We recommend that users be careful about downloading apps from third-party app stores. Apple can’t endorse the safety of any of the apps delivered via third-party stores, and such is the case here: users are still exposing themselves to various security threats (including malware and other unwanted apps). Organizations should put in place policies to reduce the risk from these malicious apps, such as blocking unapproved app stores and safeguarding personal devices,” Trend Micro notes.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
