Click to Skip Ad
Closing in...

Security researchers find major flaw in Apple’s App Store approval process

Published Aug 16th, 2013 3:45PM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Apple’s App Store has a much better reputation for security than Google Play but that may not last long if more hackers take advantage of a new flaw discovered by a team of researchers at Georgia Tech. Technology Review reports that the researchers successfully posted a malicious app to the App Store that contained fragmented pieces of code that only assembled themselves into malware after users had installed the app. The researchers say that they were able to get away with this because Apple apparently only ran the app for a few seconds before deciding that it was safe and sending it along to the App Store.

“The app did a phone-home when it was installed, asking for commands,” explains Long Lu, a Stony Brook University researcher who helped out the team at Georgia Tech. “This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed… The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen.”

Marc Rogers, a researcher at mobile security firm Lookout, tells Technology Review that such apps present major problems for all mobile platforms because companies may have to constantly monitor all apps that have been installed on customers’ phones to keep their app ecosystems malware-free.

Brad Reed
Brad Reed Staff Writer

Brad Reed has written about technology for over eight years at BGR.com and Network World. Prior to that, he wrote freelance stories for political publications such as AlterNet and the American Prospect. He has a Master's Degree in Business and Economics Journalism from Boston University.