Security Researchers Discover 10 App Store Apps Engaging in Ad Fraud

[MacRumors]

Security researchers discovered 10 "adware" apps on the App Store that were engaging in ad fraud, according to a report from Bleeping Computer. The apps were designed to generate revenue by impersonating legitimate apps and presenting a deluge of ads to iPhone users.

Discovered by HUMAN's Satori Threat Intelligence team, the mobile apps are part of an ad fraud campaign they're calling "Scylla." It is the third wave of a fraud operation first discovered in August 2019, which Apple has been fighting. The apps have been removed from the App Store at this point, but if you have the following apps installed, you should delete them:

• Loot the Castle - com.loot.rcastle.fight.battle (id1602634568)
• Run Bridge - com.run.bridge.race (id1584737005)
• Shinning Gun - com.shinning.gun.ios (id1588037078)
• Racing Legend 3D - com.racing.legend.like (id1589579456)
• Rope Runner - com.rope.runner.family (id1614987707)
• Wood Sculptor - com.wood.sculptor.cutter (id1603211466)
• Fire-Wall - com.fire.wall.poptit (id1540542924)
• Ninja Critical Hit - wger.ninjacriticalhit.ios (id1514055403)
• Tony Runs - com.TonyRuns.game

The apps committing ad fraud used a bundle ID that did not match their publication name, making it appear to advertisers that impressions came from a more profitable software category. The apps apparently imitated CTV-based apps, with IDs changing often to evade detection.

While 10 apps were found on the iOS App Store, more than 70 were found on Google's Play Store, and adware is a much more severe problem on Android devices. Apple's App Store review process was able to lessen the severity of the problem on iOS devices, but there are still apps that slip through.

Adware is more of an annoyance than a serious issue on the App Store, but it is something that iPhone owners should be aware of. Security researchers suggest that smartphone users should look for rapid battery drainage and increased internet data usage to spot apps that are fraudulently using ads in the future. Avoiding installing apps from suspicious developers is also a good idea.

Article Link: Security Researchers Discover 10 App Store Apps Engaging in Ad Fraud

 

[yellow8]

Let's ban all cheaters and let real devs do their work!

 

[Spaceboi Scaphandre]

And another for the list of bullet points debunking Apple's lies about sideloading.

 

[Basic75]

Avoiding installing apps from suspicious developers is also a good idea.

Wasn't the whole point of the walled garden to prevent suspicious apps and developers?

 

[GeoStructural]

This is IMPOSSIBLE, the App Store review process is the standard in privacy and security. The walled garden is here protect us from the evils of external apps. /s


Edit: Let's remember that Apple went as far as to trash their own desktop OS in front of a judge to support their monopolistic practices in iOS: Craig Federighi says the Mac has an ‘unacceptable’ malware problem

 

[katbel]

This is IMPOSSIBLE, the App Store review process is the standard in privacy and security. Apple will always protect us from the evils of external apps, therefore the walled garden.

Sure, exactly as with
"Ask app do not track"... please 🤔
I would like to have "Block app from tracking"

 

[Radeon85]

That walled garden is working well I see Apple, apparently nothing gets passed your review process

 

[temende]

No way! I was told that having a carefully-guarded app store would prevent security holes like this.

 

[CWallace]

The App Store certainly has plenty of issues, but just consider how much worse it would be if Apple just let everyone post any app they wanted without any attempt at oversight...

 

[Spaceboi Scaphandre]

The App Store certainly has plenty of issues, but just consider how much worse it would be if Apple just let everyone post any app they wanted without any attempt at oversight...

The App Store is already much worse with the sheer amount of knockoffs and bootleg apps. Articles like this is just more ammo in favor of sideloading and alternative app stores as it disproves Apple's lies more and more.

 

[wordsworth]

Critics seem to conveniently ignore how difficult if not downright impossible it is to achieve a perfect system (any system), under the impression here, perhaps, that all Apple's wielding of the 'magic' sales pitch means the company can indeed achieve magical (ie 'perfect') results. Real world scenario: choose your poison – Apple or Android. A walled garden doesn't prevent weeds but if carefully attended to, it will minimise them.

 

[autrefois]

Avoiding installing apps from suspicious developers is also a good idea.

I was kind of hoping that Apple would be better at spotting suspicious developers than I am.

 

[sw1tcher]

Wasn't the whole point of the walled garden to prevent suspicious apps and developers?

No. It's to prevent fair and open competition so Apple can keep all the money for themselves.

At some point, the App Store got too big for Apple to patrol. This wasn't an issue in the beginning because there weren't that many developers.

 

[Bawstun]

The App Store certainly has plenty of issues, but just consider how much worse it would be if Apple just let everyone post any app they wanted without any attempt at oversight...

I kinda think they are. There might be 100 actually useful apps in the App Store. The rest are thousands of useless Chinese crap apps.

 

[TheDailyApple]

All the people thinking that they're calling Apple's bluff by pointing out that their system doesn't catch 100% of bad apps ignore the fact that a filter which catches 90% or even 75% of bad apps is still better than no filter at all. If people could download apps straight from the internet and install them, most devs won't bother using the App Store, and at that point, who's going to maintain a comprehensive database of safe apps pro bono?

I only support side-loading via computer (i.e. iTunes, iMazing, or Xcode style).

 

[CWallace]

I was kind of hoping that Apple would be better at spotting suspicious developers than I am.

At least crowdsourcing the identifications of bad actors in the App Store is a positive use of our (Apple customers) time and considering there are so many more of us than Apple staff (even if every Apple employee was on App Store Duty).

Of course, Apple needs to actively leverage this resource (us) in order to use it to maximum effectiveness.

 

[CWallace]

I kinda think they are. There might be 100 actually useful apps in the App Store. The rest are thousands of useless Chinese crap apps.

Guess we are using different search criteria to find apps... *shrug*

 

[ponzicoinbro]

And another for the list of bullet points debunking Apple's lies about sideloading.

The story literally says it is worse on Android so unless someone reading the story has cognitive problems, this story backs up Apple and proves sideloading is a menace when it comes to piracy and and ad fraud.

Developers wont benefit one bit from sideloading because apps will be pirated massively and a lot of those pirate apps will contain malware and user tracking ads.

As people point out, the only people who support sideloading on smart phones are:

- organized criminals spamming forums to demand sideloading.
- pirates who don’t want to pay for apps.
- just people with a bad grudge and a chip on their shoulder.

 

[zakarhino]

So let's check the current status of things:

1. the iOS App Store is still riddled with apps that scam and spy on users
2. The "Opt Out of Tracking" button has done little in stopping Facebook's tracking (bonus!: Tim Cook met with Zuck to discuss a potential revenue sharing operation prior to introducing the anti-tracking button)
3. Apple have STILL not patched the iCloud Backup loophole that lets them or a 3 letter look at (almost) the entire contents of your iPhone
4. Apple (as far as we know) are STILL planning on introducing spyware into your photo library
5. Apple are working on placing even MORE ads in Maps, App Store, and God knows where else. Your OS experience will be less centered around genuine content and more centered around businesses that are paying for the top search result spot (like Google's services).
6. Apple will continue to expand said ad business which means more data collection on you, but don't worry it's acceptable because it's Apple and they put some magic "anonymization" sauce on it (which has already been proved to be trivial to de-anonymize)
7. You are still too stupid and inexperienced to sideload apps onto your iPhone apparently, nevermind the fact that macOS can do it. And no, re-designing security and privacy aspects of the OS to accommodate sideloading is not an option apparently.
8. The cherry on top: despite Apple's reputation as "the secure and private option," some security experts have indicated some Android phones like Pixel are now more secure against zero day exploits vs. iPhone (on the black market zero day Android hacks for the latest version are rarer and demand more money than iPhone equivalents). Google are constantly talking about new security measures they're implementing on Pixel.

I keep asking myself if Apple are going down the route of Google anyway (by increasing tracking and putting ads everywhere) why not switch to an Android fork like GrapheneOS on Pixel to get max security/privacy but at the same time benefit from Google's much superior platforms and ML implementations (Maps, YouTube, Search, Translate, on device OS wide translation features, better keyboard, etc.)

 

[Wildkraut]

But but but the AppStore is so secure... 🤣
Looking forward to 2023/2024 when the EU activates DMA and DSA, and to all the bills in USA & Co. that will take place.

 

[erikkfi]

And another for the list of bullet points debunking Apple's lies about sideloading.

You mean installing, which is what this action is non-controversially called on desktop platforms.

 

[zakarhino]

The story literally says it is worse on Android so unless someone reading the story has cognitive problems, this story backs up Apple and proves sideloading is a menace when it comes to piracy and and ad fraud.

Developers wont benefit one bit from sideloading because apps will be pirated massively and a lot of those pirate apps will contain malware and user tracking ads.

As people point out, the only people who support sideloading on smart phones are:

- organized criminals spamming forums to demand sideloading.
- pirates who don’t want to pay for apps.
- just people with a bad grudge and a chip on their shoulder.

Missing the fourth option which is adults that can manage themselves without the need for Father Tim to protect us from spying and malware (which already happens on the platform, be it from random rogue third parties, Facebook, Apple themselves, or government collaboration).

Where is the massive piracy and malware issue on Android? That reputation is mostly a relic of the past. Most Android users stick to the Play Store (despite the availability of third party stores) and their devices are fine. The extent of spyware on stock Android 13 is mostly the same as the extent of spyware on iOS because the bulk of it is being carried out by Facebook and TikTok.

 

[BobSc]

I was kind of hoping that Apple would be better at spotting suspicious developers than I am.

Are you as perfect as you expect Apple to be? How does the world look to you from the cheap seats? Many here will always find a way to denigrate Apple no matter how well they succeed.

 

[zakarhino]

All the people thinking that they're calling Apple's bluff by pointing out that their system doesn't catch 100% of bad apps ignore the fact that a filter which catches 90% or even 75% of bad apps is still better than no filter at all. If people could download apps straight from the internet and install them, most devs won't bother using the App Store, and at that point, who's going to maintain a comprehensive database of safe apps pro bono?

I only support side-loading via computer (i.e. iTunes, iMazing, or Xcode style).

If Apple's App Store can't compete in the marketplace of App Stores that would mean they had nothing to offer in the first place. Google allow third party app stores and direct installation yet most developers choose the Play Store to publish and distribute their apps, because the Play Store has genuine benefits over direct distribution and most third party app stores.

I'm confident Apple could come up with ways to encourage most developers to use their App Store over others if they tried hard enough.

 

[Enzo Morocioli]

How about this: don't download random, useless, boring games to your device! If you want entertainment, a bit of a rush, and to stimulate your brain, download the most popular chess app. You'll never need another ninja slasher again.