hypothetical - apps discovered to contain malware

[theprizerevealed]

hi,

Is it possible that an app could be approved for the app store for OS X or iOS that was discovered to contain malware? But when later yanked by Apple, does Apple cause all the devices that downloaded that app to delete that malware infected app or is it the responsibility of the user to delete the compromised app?

How much could your computer's data be compromised if malware was installed on a UNIX os anyway? Especially with this new rootless feature? thanks How much effort does Apple expend to search the app code for malware or other viruses? thanks

 

[KALLT]

It is certainly possible and removing it from the store will not remove an app from your device. I do not think that there is a kill switch like on iOS. Apple can contact potential victims of course.

How much of your data is at risk depends on several factors. App Store applications are sandboxed and cannot touch your personal files without explicit permissions. If such an application manages to get more extensive permissions than Apple would normally permit, like through a loophole or vulnerability, then your documents may not be safe. The recent Transmission ransomware incident has shown that your documents can be destroyed by any application that you install and run and that is not constrained by a sandbox.

System Integrity Protection does not prevent this. What it does is protect your core system from the root user itself. If an attacker manages to get root privileges, then your system is probably secure. Your user data is not.