iOS 6, with its per-app address book permissions, can't get here fast enough.

That only helps if the app obviously doesn't need to access your contacts. So an app that is supposed to connect you with your friends (like this app supposedly did) could have a legitimate reason to access a user's contact list.
 
Contrary to popular belief, they don't have a warehouse of reviewers testing every app and going over every line of code. It's more like 50 folks, 100 tops, and easily 1000 submissions a day. Sometimes things get through, especially if they don't accurately describe what the app does or the trick happens in the background.

This. It's impossible to check for everything.

Reviewers have very little time to check an app, so their focus is mostly on making sure it doesn't violate anyone's copyrights or stray too far in its UI style.

Without the app's source code, the reviewers cannot check what an app might do days or weeks or months after it's approved.

This is hardly the first iOS app to send contact info to its server without explicit user permission. Others, some famous, have done so, which is why the new warning is coming in iOS 6.

It seems highly likely that many other apps have also done this and sold the contact info to advertisers, without being so obvious.
 
It's really quite poor that Apple doesn't have checks in place to stop this. At least on Android you're notified exactly what areas of your phone the app has access to BEFORE it's installed. iOS 6 can't come soon enough, it seems!

It's really quite poor that Apple doesn't have checks in place to stop this. At least on Android you're notified exactly what areas of your phone the app has access to BEFORE it's installed. iOS 6 can't come soon enough, it seems!

By the looks of this app you should be aware that it is using your address book data. And while I do like how we're getting finer control over privacy with iOS 6, I hope they fix the popup notification spam (it might turn into something like the Vista UAC issue where people don't read it).
 
And this is the second major issue I have with the walled garden.
(The first one is not being able to install what I want.)

False security.

iOS users believe that because every app is checked by Apple and because apps only can be installed through the App Store, therefore all apps in the AppStore are safe to install, and so they install without thinking.

This will happen again.

And after iOS 6, they will write apps that have reasons to both read your address book and send information.
And users will grant the apps permission.
And the apps will continue to steal information.
 
I'm not sure what you mean unless your facepalms are directed at yourself.

The poster said hundreds or thousands and then provided a link that shows thousands is actually conservative. -- the article says 20,000 malware apps target Android today.

And everything you read on the internet is true :eek:
 
I understand your concerns, but can you or anyone else enumerate which apps are stealing our information? I think this is a real problem, and the only way I currently know of to combat this is to try identifying the developer, and if it is Chinese or Russian... then no thanks. But that is hardly foolproof and is in itself foolish in some ways, but I don't have a better solution yet. :eek:

And this is the second major issue I have with the walled garden.
(The first one is not being able to install what I want.)

False security.

iOS users believe that because every app is checked by Apple and because apps only can be installed through the App Store, therefore all apps in the AppStore are safe to install, and so they install without thinking.

This will happen again.

And after iOS 6, they will write apps that have reasons to both read your address book and send information.
And users will grant the apps permission.
And the apps will continue to steal information.
 
This isn't some massive new exploit. This won't result in a huge flood of malware to iOS. This doesn't represent a "huge flaw" with the iOS platform. This won't even need to be patched.

To put it simply: a reviewer at Apple was a bit careless and approved an app that shouldn't have been. Human error.

When you consider:

1) the high chance your malicious app will be caught on the first review
2) the speed at which Apple can disable your app if you got lucky on step 1
3) the relatively insignificant number of jailbroken/vulnerable iOS users

... still makes iOS an unattractive, unprofitable target for malware authors. The guy who made this malicious app got extremely lucky, that's all.

It's not a human error. You are trying to ignore the fact that the reviewer simply cannot know what the app does. All he can do is check which APIs the app uses, but remember those are all legal Apple APIs. Without the source code (which the reviewer does not have) there is no way to figure out what the app actually does with those APIs. Apple's system is way more wasteful than what Android has (a permission system) but does not provide any extra protection. In fact, Apple's system is worse than Android's. With Android, if you check the permissions requested by the app, you would never have a flashlight app performing tethering, as happened with the App Store a while back. How could the reviewer approve a flashlight app like that? Well, don't be too hard on him. Without a good permission system, it's not that easy to track API usage.
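The post above makes the point that a reviewer without source code can only see which APIs a binary references. The following is an added example (not code from the thread, from Apple, or from any reviewer tool) of the kind of static string scan that check amounts to. The Address Book and networking symbol names are real iOS API names; the two "binaries" are constructed byte strings standing in for a stripped Mach-O, and the verdict thresholds are an assumption of this example.

```python
"""Static indicator scan: what a reviewer can learn from a binary's strings alone.

Added example, not from the original thread. The API names below are real iOS
symbols; the sample blobs are constructed stand-ins for app binaries.
"""
import re

# Real AddressBook.framework C API names (iOS 5/6 era).
ADDRESS_BOOK_APIS = {
    "ABAddressBookCreate",
    "ABAddressBookCopyArrayOfAllPeople",
    "ABRecordCopyValue",
    "ABMultiValueCopyValueAtIndex",
}

# Real Foundation / CoreFoundation networking entry points.
NETWORK_APIS = {
    "NSURLConnection",
    "NSMutableURLRequest",
    "CFStreamCreatePairWithSocketToHost",
}

# Runs of at least 6 printable ASCII bytes, the same heuristic `strings` uses.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")


def extract_strings(blob: bytes) -> list[str]:
    """Return every printable ASCII run of 6+ bytes found in the blob."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]


def classify(blob: bytes) -> dict:
    """Flag a binary that references both the address book and the network.

    This is the ceiling of a strings-only review: it shows *capability*
    (the app can read contacts and can talk to a server), never *intent*
    (whether the contacts are uploaded, or only after a server-side switch).
    A legitimate friend-finder and a contact-harvesting app score identically.
    """
    found = set(extract_strings(blob))
    address_book = sorted(found & ADDRESS_BOOK_APIS)
    network = sorted(found & NETWORK_APIS)
    urls = sorted(s for s in found if s.startswith(("http://", "https://")))
    # Assumed threshold for this example: contacts access plus any network
    # capability is enough to warrant a human look, nothing more precise.
    verdict = "review" if address_book and (network or urls) else "ok"
    return {
        "address_book": address_book,
        "network": network,
        "urls": urls,
        "verdict": verdict,
    }


# Constructed sample "binaries". Null bytes and non-ASCII bytes break the
# printable runs, exactly as padding and machine code would in a real Mach-O.
FRIEND_FINDER_APP = (
    b"\x00" * 16
    + b"ABAddressBookCreate\x00"
    + b"ABAddressBookCopyArrayOfAllPeople\x00"
    + b"\xfe\xed\xfa\xce" * 4
    + b"NSMutableURLRequest\x00"
    + b"https://api.example.invalid/contacts\x00"
    + b"\x00" * 16
)

FLASHLIGHT_APP = (
    b"\x00" * 8
    + b"UIButton\x00"
    + b"flashlightOn:\x00"
    + b"AVCaptureDevice\x00"
    + b"\x00" * 8
)


if __name__ == "__main__":
    for name, blob in (("friend finder", FRIEND_FINDER_APP), ("flashlight", FLASHLIGHT_APP)):
        print(name, classify(blob))
```

The scan flags the friend-finder binary because it references both the Address Book API and a network request class, but it would flag a perfectly honest friend-finder the same way, and it cannot see whether upload code is gated on a server response that only turns on after approval. That gap is the one a per-app permission prompt narrows (the user at least sees the contacts access) without closing it.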
 
Odds are it didn't do any of this stuff while it was being tested. Once it got through the server was probably activated.
 
iOS 6, with its per-app address book permissions, can't get here fast enough.

It's really quite poor that Apple doesn't have checks in place to stop this. At least on Android you're notified exactly what areas of your phone the app has access to BEFORE it's installed. iOS 6 can't come soon enough, it seems!

Neither system would have helped in this case! Are you going to download this app and be suspicious that it wants access to your contacts? :)

Neither system would have helped in this case! Are you going to download this app and be suspicious that it wants access to your contacts? :)

How do you know the OP was saying that it would have helped? All he said was that Android notifies you ahead of time what it's accessing. It's an accurate statement. And iOS 6, we already know, will do the same.

How do you know the OP was saying that it would have helped? All he said was that Android notifies you ahead of time what it's accessing. It's an accurate statement. And iOS 6, we already know, will do the same.

I have no idea what you are getting at here. I didn't say either person was wrong. I simply said that those features wouldn't have helped. Which was also an accurate statement.

I find these kind of security notifications to be "security theater" akin to the TSA. :) Don't get me wrong, I'm all for access controls. I just don't think these kind of notifications have an impact on malware. If the app is malicious, it can simply claim features that justify the access.
 
Anyone else think it's a bit suspicious that Kaspersky (a Russian company) a few weeks ago was like "iOS will soon get malware"? Then they found this Russian app and are like "oh hey guise look what we found lol guess you gonna give us money now haha".
 
Another security fiasco for Apple. What's the $100 dev subscription going towards if they don't actually check the apps they put on the App Store, or can't check them and be certain they do not pose a security threat?

And this is an app that apparently was downloaded enough to be noticed. Who knows if there are quite a few such apps in the App Store that have been silently stealing personal data from their users and, due to their very small installed base, have gone unnoticed so far?

And I am asking everyone: who has legal liability for this? If Apple vouches for the safety of the applications with respect to private user data, aren't users who used this app justified in bringing a class action lawsuit against Apple? If they are not legally bound, then what's the point of the App Store as a safeguard to begin with?

Apple are sitting on an obscene pile of cash that could buy a few countries around the planet; one would think they can afford to buy Kaspersky and a couple of other specialized software firms to address their growing security issues effectively.
 
Mine is clearly not a very popular opinion. I know a lot of people have written about this elsewhere, and have generally been ridiculed for the notion that Apple will struggle without Steve's influence and drive.

I want to be proven wrong so badly. It's just I've seen big problems so many times, over and over again, when working with companies who lost their influential leaders and founders. It's usually a slow unravelling. But little clues like the topic of this thread will keep showing up with increased regularity as standards slide.

Let's both hope my opinion can continue to be easily dismissed as the work of a troll in a few years time. Nothing would make me happier. :)

Why is this a sign? Did The Steve decompile and study each app before it was approved?

While many companies do decline when they lose a key figure I do believe Apple is in better shape than most. They put a lot of effort into structuring things to make many of Apple's unique traits self sustaining. I agree there will be some short term impact but it is far too early to see the long term.

Seriously though, Steve would have had no impact on this event.
 
I have no idea what you are getting at here. I didn't say either person was wrong. I simply said that those features wouldn't have helped. Which was also an accurate statement.

I find these kind of security notifications to be "security theater" akin to the TSA. :) Don't get me wrong, I'm all for access controls. I just don't think these kind of notifications have an impact on malware. If the app is malicious, it can simply claim features that justify the access.

Which is why Apple should start educating their customers about security.

Make users aware that just because Apple have created a walled garden for their iOS apps it doesn't mean that everything you download and install is safe and not malicious.

Educate users to think before installing.
Educate users to think before allowing an app to access information or send information.

But that would mean a big break with how iOS is promoted today.
So I'm guessing it won't happen.

Edit: Actually, this would be "security theater" akin to the TSA if apps were able to circumvent it. Malicious apps are able to circumvent the control process; I have yet to read anything saying that apps can circumvent not being allowed to read or send information.

----------

If they are not legally bound, then what's the point of the App Store as a safeguard to begin with?

30%
 
I have no idea what you are getting at here. I didn't say either person was wrong. I simply said that those features wouldn't have helped. Which was also an accurate statement.

I find these kind of security notifications to be "security theater" akin to the TSA. :) Don't get me wrong, I'm all for access controls. I just don't think these kind of notifications have an impact on malware. If the app is malicious, it can simply claim features that justify the access.

Once again, in your Apple apologism you are both misconstruing what others are saying and making a seemingly plausible argument which is downright false. It's really hard to read your posts when you are perpetually trying to distort reality the way it suits you.

With permissions, malicious apps cannot claim they are doing X while doing Y in their description, because you are notified in advance. That in itself is a very good security measure, because it's much harder to write a malicious app that justifies to the user in a convincing way its accessing their address book than it is to write one that doesn't have to present a seemingly legitimate function but can access it regardless. If you don't have this system that Android uses and soon iOS will copy, sorry, put in place, it's much easier to write malware for the platform. It's mind boggling how you argue that a system that ensures some safety by demanding that anyone who wants to write malicious apps provides at least a seemingly legitimate function for the app is no better than a system where apps don't even have to inform the user before their installation of what they are going to be accessing.

But sure, it's a system Apple doesn't have in place, so... "it makes no difference"; if Apple already had the system in place it would be "a good security insurance policy that might not be 100% effective but it's still a step in the right direction"... :rolleyes: Seriously, man, if you don't own large quantities of Apple stock (bought in the $600s ;) ), and I mean vast quantities, and you are doing this just for a hobby... well...
 