This is just a proof of concept. No app with this flaw would ever get sold on the App Store. Apple would detect it and reject it in a heartbeat. Walled garden my ass!
konqerror wrote: »
Repeat after me. When you submit an app to the App Store, you only send in a binary. Apple cannot determine the logic of your program unless they reverse engineer your binary, which is very difficult to do. This is like me giving you the iTunes binary and asking if you can find any hidden code in it.
You have to understand that the main way iOS ensures security is through limited app permissions, which has been breached here. The main purpose of app review is to check for things like porn and in-app purchases.
I think you're overestimating how much can be found by a binary scanner. It may find clear violations like using undocumented APIs, but code that is written to do things in a roundabout way is nearly impossible to decipher without a detailed analysis by a programmer. It's very easy to confuse even the Clang/LLVM static analyzer, which has full access to the source code.
The only solution is to have a rock-solid OS that can prevent apps from performing actions outside the sandbox at runtime. I don't blame the binary scanner here; this is a sandbox problem.