New alert issued for Mac App Store as fraudulent apps take center stage / Digital Information World

By Lance T. Lee

Aug 5, 2022

Apple has stood by its claims that its App Store is one of the safest places users can trust. But a new report from a researcher is ringing alarm bells over some recent findings.

A security researcher recently identified as Privacy1st has documented a series of scam apps from China that are circulating on the Mac App Store and tricking users.

The developers behind the apps appear to have worked out how to bypass Apple’s rigorous review process and keep distributing their apps.

The apps are easily adapted for many Apple devices, including iPhones, MacBooks and even iPads, which means the threat is alarming and spreading.

But how exactly do these apps manage to fool reviewers on the App Store?

Well, a recent report was published by the security researcher on Medium, which also got widespread support from a former NSA staffer named Patrick Wardle.

The study assessed up to seven different accounts linked to Apple developers, all of which were found to be operated by a single Chinese developer.

The apps have been shown to abuse the strict protocols in place on Apple’s App Store through several means.

To begin with, the apps were found to contain various kinds of hidden malware that receive commands from a single server. This way, the malicious code stays dormant until the app has been approved by the App Store review team.

But once the app is cleared to go live, the developers can change the whole interface, so users end up with an entirely different app from the one the reviewers initially approved. Once ready, it is pushed to users who are tricked into downloading it, only to realize the trap later.

Remember, just because different developers or accounts ship apps doesn’t mean they’re unrelated. The applications continue to communicate with various domains fronted by services such as Cloudflare, which disguises the hosting provider.

Another interesting feature that has been observed is how the privacy policy of the apps redirects you to another site or a public page built with Google Sites.

Researchers have also found that all of these rogue apps share the exact same password, which can be used to decrypt JSON files.

And that is exactly the tactic the developer uses to mislead the review team on Apple’s App Store.

Under certain conditions, the developer ends up publishing similar apps under different accounts. The idea is to extend the reach while allowing tracking of different users.

One of the malicious applications described is an app for reading PDF files. It has been listed as one of the most frequently installed apps on the US App Store. Once users fall into the trap, they are tricked into making payments for various subscriptions.

And if that doesn’t sound shady enough, there are also plenty of fake reviews on the App Store about its quality. There are no negative reviews that talk about how the app doesn’t even work, which makes the whole problem even worse.

All of these reviews are completely fake and were bought by the developers for positive publicity.

Since the publication of the security researchers’ report, Apple has taken action and removed many fake reviews related to these apps. Additionally, fewer rogue apps are seen on the platform, which shows how active Apple is in removing these threats.
