Close this search box.

App Store Security Vulnerability Allows Entry of Malicious Apps

Table of Contents

Apple critics have long complained about Apple’s walled garden policy that severely restricts the ability of just anyone to develop an app for the iPhone and then sell it. You need to play by Apple’s rules if you want to get inside the so-called garden. This policy may be generating some negative spin for Apple but by all accounts it does work. Apple does make sure that any app that enters the fold and is sold at the App Store is safe for everyone to use. But that assurance has been tarnished with the exposure of a security hole that allows an app that passed Apple’s review to turn rogue.

The vulnerability was revealed by Charlie Miller, an Apple security researcher. The app Miller developed was an innocuous looking stock checking app that communicates with a server located in Miller’s home. The app was reviewed by Apple and was deemed safe. It was made available in the App store. The shenanigan happens after the app is downloaded. The app’s code gets updated remotely and from here on in the app will be able to gather information stored on the phone and send it back to the server. The bad news is that the phone user won’t even have any idea that this is happening because it occurs in the background. The app takes advantage of a security hole in the mobile Safari app that will allow apps to run a code that has not been approved by Apple.

Apple has removed the app from the App Store and has also removed Miller from the Apple developer program.



Kokou Adzo

Kokou Adzo

Kokou Adzo is a stalwart in the tech journalism community, has been chronicling the ever-evolving world of Apple products and innovations for over a decade. As a Senior Author at Apple Gazette, Kokou combines a deep passion for technology with an innate ability to translate complex tech jargon into relatable insights for everyday users.

2 thoughts on “App Store Security Vulnerability Allows Entry of Malicious Apps

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts