user418
macrumors 6502a
At this point, I am pretty much skeptical of downloading anything from anybody from anywhere.....
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Pulls Russian SMS Spam App from App Store [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
At this point, I am pretty much skeptical of downloading anything from anybody from anywhere.....
munkery
macrumors 68020
Good post.
Despite being a serious issue, this malware did only abuse legitimate functions allowed by apps. Also, the by-product of the malicious behaviour was only spamming advertising for the app.
Luckily, iOS 6 will more explicitly ask user's permission to partake in this behaviour rather than the user somewhat implicitly allowing it by downloading the app.
This is a lot different than the banking malware that includes privilege escalation that can be found targeting Android.
sweetbrat
macrumors 65816
Yes, because one app doing it on the iPhone is as bad as the hundreds or thousands of problems with apps on the Android platform. 🙄
Taking into account the number of apps in the App Store, I'd say Apple has done a great job of ensuring that the apps they approve are safe. Not to mention that with that many apps, it was only a matter of time before one slipped through. It is one app, and iOS 6 is taking precautions to make the OS even safer. Relax, Chicken Little, the sky is not falling.
sascha h-k
macrumors 6502
Mad-B-One
macrumors 6502a
GenesisST
macrumors 68000
It's one thing to see in the review process that an app uses the contacts API. It's another to know exactly what is done with it, really.
iOS6 will help with this by asking permission to access contacts. Still needs some judgment from the user's part.
Personally, I try to to use judgment with apps even from the app store.
sweetbrat
macrumors 65816
Kindof like the "myth" that Macs are safer from malware than Windows (The kind of "myth" that means "statistically accurate")?
There is this strange "a little bit of something is just as bad as a ton of something" non-logic I see a lot of lately. "iPhone 4 doesn't get Siri? Well i guess iOS is just as fragmented as Android devices that don't get any update at all!" Yeah.. Exactly. 😕
its all relative. How many windows PCs exist now and how many macs are out there? Even though they sell like hotcakes macs are still have a lot lower market share but if u notice amount of malware on the macs spiked up as their market share increased. All this malware is designed to make money so they will target the marketshare where they can make the most. Its similar to what developers are doing now with IOS/Android vs. Windows phone. Everybody develops for main 2 because there is more money in it.
iSee
macrumors 68040
I'm not sure what you mean unless your faceplams are directed at yourself.
The poster said hundreds or thousands and then provided a link that shows thousands is actually conservative. -- the article says 20,000 malware apps target Android today.
Agreed. They should also revoke the developer's account to make apps for iOS. Shenanigans like that should be an instant we don't accept apps from you anymore thing.
So wait, I thought Apple MADE iOS tell the user when the addressbook was being accessed, is this not the case?
This isn't some massive new exploit. This won't result in a huge flood of malware to iOS. This doesn't represent a "huge flaw" with the iOS platform. This won't even need to be patched.
To put it simply: a reviewer at Apple was a bit careless and approved an app that shouldn't have been. Human error.
When you consider:
1) the high chance your malicious app will be caught on the first review
2) the speed at which Apple can disable your app if you got lucky on step 1
3) the relatively insignificant number of jailbroken/vulnerable iOS users
... still makes iOS an unattractive, unprofitable target for malware authors. The guy who made this malicious app got extremely lucky, that's all.
To put it simply: a reviewer at Apple was a bit careless and approved an app that shouldn't have been. Human error.
When you consider:
1) the high chance your malicious app will be caught on the first review
2) the speed at which Apple can disable your app if you got lucky on step 1
3) the relatively insignificant number of jailbroken/vulnerable iOS users
... still makes iOS an unattractive, unprofitable target for malware authors. The guy who made this malicious app got extremely lucky, that's all.
Consultant
macrumors G5
There hasn't been a need until now.
Apple is adding it with iOS 6, and this shady company probably heard about it just now and figure he has a few months before iOS 6 is released.
I believe this will be a new feature in iOS 6.
Also, I wonder if any of these pieces of malware aren't going "bad" until some time after they are submitted. I wonder if the review team does any kind of date checking to see if behavior is different say a month in the future for example.
charlituna
macrumors G3
Contrary to popular belief they don't have a warehouse of reviewers testing every app and going over every line of code. It's more like 50 folks, 100 tops and easily 1000 submissions a day. Sometimes things get through. Especially if they don't accurately describe what the app does or the trick happens in the background
----------
That is in ios6