Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Removed Apps Infested With Screen Reading Malware

HiVolt said:
Yeah their claim that they are the only steward capable of safeguarding us from malicious apps has been thoroughly debunked many times over.
Click to expand...
Did they claim they’re the only ones capable? It’s very possible, I just don’t recall it. Do you have a link? I’d like to know the specifics of that quote, particularly if there is any relevant context. Because if that claim is as broad as it sounds, it can be debunked with an obvious simple theoretical example—if there is an alternative app store that only allows 10 apps. The reviewers could scrutinize the apps for any malicious behavior extremely thoroughly. The only problem with that is it’s a useless example, because we would have to trust their review system but if they only have a 10-app app store, we will never hear of their store.

Also what thorough debunking are you referring to? Theoretical debunking like mine or actual examples? Keep in mind, if you are referring to examples of malicious apps getting into the App Store, that doesn’t prove that other stewards are more capable, it only proves Apple is not perfectly capable, which as far as I know they have never claimed.
 
I7guy said:
More prone. This is a harbinger of what will happen in the EU. The App Store is safe, the same way flying is safe. If Apple can’t be at the front of the car and mouse games, the alt-stores won’t either. (Unless Sweeney hand checks everything or your favorite eu adult app contains questionable stuff)
Click to expand...
This flying analogy is getting very tiresome. Lost someone? Collect the insurance and live the BoraBora life.
 
  • Love
Reactions: turbineseaplane
mrr said:
Is there a full list of the apps that they pulled?
Click to expand...
Maybe Kaspersky has one?

Apple is rarely transparent about such cock ups. They’d rather downplay, lie, deny - and most important silently sit out the problem - than getting (more) bad press.
 
  • Like
Reactions: turbineseaplane
AppliedMicro said:
Also, a third-party store has a reputation to lose - whereas Apple has a de facto monopoly.
Click to expand...
Apple definitely has a reputation to lose. Even if it was a monopoly (which is definitely not a given), every company has a reputation to lose. It wouldn’t affect a monopoly’s sales, but people would hate them regardless (think of your local no-other-choice cable company that everyone hates). But as far as I know, people generally like and trust Apple, despite the blemishes on their track record, which suggests Apple is doing more right by the customer than wrong.
 
That's why we need Apple to control all apps. So that such malicious programs cannot get onto users' cell phones in the first place. Fortunately, the controls have once again worked perfectly here and Apple has provided proof of the added value.

Oh wait…
 
  • Disagree
Reactions: turbineseaplane and wbeasley
subjonas said:
Apple claimed the App Store is 100% safe? Are you sure you’re not putting words in their mouth? If you provide a real reference for this, I’ll be humbled and also very surprised at Apple for making an impossible claim.
Click to expand...
That's right, they don't say that literally. They are saying that the controls protect against dangerous or fraudulent apps. And that systems without these controls will be overrun by malware. (Just like the Mac, probably)

So yes, "100% safe" can be inferred.
 
Apple introduced 'Notarization' for alternative app stores as a way to still have control of what app's are and are not allowed on an iphone. One of the checking steps of Notarization is for virus's and malware. It should therefore be impossible for an app with a virus or malware to get through Apple's notarization process. If one does then Apple is not doing it's job properly.

So, before members start bleating on about how unsafe app's in an alternative app store would be, remember Apple's notarization process prevents unsafe apps from making it to an iphone, whether is be from Apple's own app store or an alternative app store.
 
  • Love
Reactions: turbineseaplane
con2apple said:
That's right, they don't say that literally. They are saying that the controls protect against dangerous or fraudulent apps.
Click to expand...
Sure, we can all agree controls protect, ie. no controls do not protect.
con2apple said:
And that systems without these controls will be overrun by malware. (Just like the Mac, probably)
Click to expand...
Of course without any controls, it would be overrun. With weaker controls, of course it would be more overrun than otherwise. This is where a direct quote reference would be useful to actually know what they said.
con2apple said:
So yes, "100% safe" can be inferred.
Click to expand...
I don’t know how you got there all of a sudden. Evel Knievel wouldn’t make that jump!
 
sw1tcher said:
Apple's claim that they carefully review all apps before approving them and that their App Store is 100% safe is an illusion.

No way Apple has enough resources to review all apps. The amount of employees and time needed to do this is ridiculously high.
Click to expand...
Yep, and the problem is that they are selling this illusion.
 
  • Love
Reactions: turbineseaplane
AppliedMicro said:
Less prone. Cause there would be two entities that can review the code rather than just one.
Also, a third-party store has a reputation to lose - whereas Apple has a de facto monopoly.

And someone can create a store that has a carefully curated selection of apps by trustworthy developers. With whom they’ve built long-lasting business relationships (SetApp is, I believe, an example of that).

Apple, on the other hand, apply similar judgment and discernment to customer selection as a cheap prostitute:
They’ll let everyone in to and “do it” with them - especially as long as it makes them money.
(and at $99 dollars for the developer subscription, Apple is in fact cheaper)
Click to expand...
More prone. Someone can create a store for the express purpose of scam, phishing and malware apps. Of course they will get shut down but another will pop open to take their place.

Just like you can’t prevent malware from being a part of everyday life criminals will take advantage of it as they do today. There’s more incentive in the eu to now create these enterprises.
 
  • Like
Reactions: DianaofThemiscyra
sw1tcher said:
Apple's claim that they carefully review all apps before approving them and that their App Store is 100% safe is an illusion.

No way Apple has enough resources to review all apps. The amount of employees and time needed to do this is ridiculously high.
Click to expand...
And this is where the EU (and others) should have focused rather than requiring Apple to support multiple third-party app stores that are even more likely to be riddled with malware. Apple charges a premium for apps in the iOS app store, so make them work for that money. Make them guarantee that each app has been reviewed for quality control and that each app has been scanned for known security and privacy threats, particularly now since AI might be able to flag apps needing further scrutiny. Yes, that would be expensive, but if Apple is not doing this, then how can they justify the app store fees and the claim their walled garden is secure?
 
VulchR said:
And this is where the EU (and others) should have focused rather than requiring Apple to support multiple third-party app stores that are even more likely to be riddled with malware. Apple charges a premium for apps in the iOS app store, so make them work for that money. Make them guarantee that each app has been reviewed for quality control and that each app has been scanned for known security and privacy threats, particularly now since AI might be able to flag apps needing further scrutiny. Yes, that would be expensive, but if Apple is not doing this, then how can they justify the app store fees and the claim their walled garden is secure?
Click to expand...

Apple absolutely does need to be made to compete ("make them work for that money", as you said)

The only way to do that is to ensure there is actually competition for customers on the platform, which requires Apple to be forced to allow alternatives, since, unlike on their own Mac, they've kept it fully locked down.

I think they should be forced to follow the macOS sandbox+notarization model.
It's proven safe, flexible and dynamic for a wide swath of needs.

Folks can live in the Mac App Store only if they want and if that covers their needs, while people who have alternative interests for Apps can get them developer direct also (notarized by Apple) ... or go completely "unsafe" if they want to.

It's their Mac after all ... it's also their iPhone after all (the user)
 
  • Like
Reactions: DianaofThemiscyra
It is clear many members are operating on 'Project Fear' when they keep talking that apps in a non-Apple app store will be riddled with malware, not understanding the fact that such a situation is not possible.

The only alternative store(s) allowed are in the EU and part of the agreement to allow such store(s) to exist in the EU is that they have to pass a checking process called 'Notarization'. One of the checks of this process is to check for viruses and/or malware. Therefore, due to Apple having worked it with the EU that they still maintain control of what apps are allowed in iOS, there is no way 3rd party app stores will be riddled with viruses or malware because Apple will not allow such apps to pass it's notarization process.

So any one that goes on about 3rd party app stores going to be riddled with malware is just scare mongering because notarization will prevent malware from getting through. The ONLY way malware will be able to get into a 3rd party app store is if Apple fails to notarize the app properly.
 
  • Like
Reactions: thefrost and AppliedMicro
turbineseaplane said:
Apple absolutely does need to be made to compete ("make them work for that money", as you said)

The only way to do that is to ensure there is actually competition for customers on the platform, which requires Apple to be forced to allow alternatives, since, unlike on their own Mac, they've kept it fully locked down.

I think they should be forced to follow the macOS sandbox+notarization model.
It's proven safe, flexible and dynamic for a wide swath of needs.

Folks can live in the Mac App Store only if they want and if that covers their needs, while people who have alternative interests for Apps can get them developer direct also (notarized by Apple) ... or go completely "unsafe" if they want to.

It's their Mac after all ... it's also their iPhone after all (the user)
Click to expand...
The competition is from real competitors. Not companies taking a slice of apples business.

And it’s sad to me some do t see the handwriting on the wall. May not be in the next hour, day or month, but criminals will find a way to exploit these app stores and sideloading.

Denial is not just a river in Egypt as they say.
 
Last edited:
  • Like
Reactions: VulchR
subjonas said:
Apple claimed the App Store is 100% safe? Are you sure you’re not putting words in their mouth? If you provide a real reference for this, I’ll be humbled and also very surprised at Apple for making an impossible claim.
Click to expand...
Apple doesn't say 100%. Apple does say their security protections are designed to prevent malware "from ever making it onto the App Store and thus ever reaching or harming users."

How is that not the same as saying the App Store is 100% safe?

About App Store security

On the App Store, apps come from identified developers who have agreed to follow Apple guidelines, and are securely distributed to users with cryptographic guarantees against modification.
support.apple.com

App Store security protections include:
  • Automated scans for known malware: To help prevent it from ever making it onto the App Store and thus ever reaching or harming users.


This story about multiple malware infested apps on Apple's App Store shows that malware can and does reach and harm users.
 
  • Like
  • Love
Reactions: thefrost, AppliedMicro, UliBaer and 2 others
sw1tcher said:
Apple doesn't say 100%. Apple does say their security protections are designed to prevent malware "from ever making it onto the App Store and thus ever reaching or harming users."

How is that not the same as saying the App Store is 100% safe?

About App Store security

On the App Store, apps come from identified developers who have agreed to follow Apple guidelines, and are securely distributed to users with cryptographic guarantees against modification.
support.apple.com

App Store security protections include:
  • Automated scans for known malware: To help prevent it from ever making it onto the App Store and thus ever reaching or harming users.


This story about multiple malware infested apps on Apple's App Store shows that malware does reach and harm users.
Click to expand...
What about those devs that sign in the dotted line but have lied and there are not following apples guidelines? They don’t count?

Also app store scans for known malware. What about unknown malware? That doesn’t count?

Please show us where Apple says malware will never, ever reach the App Store. That’s a grandiose oversimplification.
 
I7guy said:
Please show us where Apple says malware will never, ever reach the App Store.
Click to expand...
I just did.

Automated scans for known malware: To help prevent it from ever making it onto the App Store and thus ever reaching or harming users.

Do you know the meaning of the word "ever"?

Yeah yeah, I know, Apple also says "known." Doesn't change the fact that Apple claims their App Store is safe.

I'd also like to point out that this malware is not unknown. It's been known about for many months

While this is not the first time Android malware with OCR capabilities has been detected in the wild, it's one of the first instances where such a stealer has been found in Apple's App Store. The infected apps in Google Play are said to have been downloaded over 242,000 times.

The campaign is assessed to have been active since March 2024...

if not years...

www.welivesecurity.com

First clipper malware discovered on Google Play

Cryptocurrency stealers that replace a wallet address in the clipboard are no longer limited to Windows or shady Android app stores
www.welivesecurity.com
 
Last edited:
  • Love
Reactions: turbineseaplane
I7guy said:
...

Also app store scans for known malware. What about unknown malware? That doesn’t count?

...
Click to expand...
Obviously given this story Apple's scans are not comprehensive enough. I don't expect Apple to have precognition. I do expect due diligence in screening apps for the app store. Again, I think the best way of doing that would have been for the EU and other governments to make Apple back up its claims with a guarantee.
 
  • Like
Reactions: turbineseaplane
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back