Editorial: Despite claims to the contrary, the App Store isn't loaded with malware

Posted in General Discussion, edited October 2019
A report is being circulated as proof that the App Store has been infected by malware apps that could steal your data one day. Only, AppleInsider has been examining the research for some time, and it is baseless exaggeration, riddled with inaccuracies.

Security firm Wandera claims multiple apps by AppAspect Technologies contained "clicker Trojan" code


Mobile security company Wandera claims to have discovered 17 apps containing "clicker Trojan malware" on the App Store. But while the firm has uncovered an issue, what they found were apps from one single developer that violated the App Store's rules to include the ability to automatically click on ads -- and that's it.

"What concerns me the most about this instance of the clicker trojan being used to infect iOS apps is the backdoor it represents," Michael Covington, VP of Product, Wandera, told AppleInsider. "This direct-to-device channel is being used to deliver ads today, but could easily be used tomorrow to facilitate the delivery of phishing attacks, additional malware or remote control commands."

Wandera does correctly say that apps using this code could artificially boost revenues for a firm by fraudulently adding to the clicks it receives. But nothing the report claims the apps could do beyond that, at some point in the murky future, can be done on iOS in the way Wandera claims.

There is no way for the app developers to add additional attack surfaces to the app on the fly. There is also no way to make the functionality contagious, using the command and control server that the company says that it has found. Further, Apple's iOS sandboxing prevents any user data theft without the user actively providing that data to the app.

The security company's conclusion that this represents dangerous malware and a breach in the iOS App Store's security is baseless hyperbole. Based on this and multiple errors in the company's research as sent to AppleInsider, we initially declined to report the story. But, it's making the rounds anyway, and seemingly isn't being checked.

Research, emails, and discovery

The errors were impossible for us to ignore. Wandera originally told us that it had found 18 apps out of 56 that a developer called AppAspect Technologies had on the App Store. That developer only had 50. And of the 18, we pointed out that one was a duplicate.

Wandera's official site. Notice the number 17. They told us it was 18, until we pointed out their duplication.


Wandera's website maintains that the company exists to "protect your organization, your information and, most of all, your people."

"We believe prevention is better than the cure, and this is why we stay ahead of the latest threats: so you don't have to worry about them," it continues.

Despite this, Wandera seemingly did not contact AppAspect Technologies. When we did, that company told us that it did not know about Wandera's claims. So, we contacted Apple.

What Apple said

A spokesperson told us that Apple found no malware, but the company did remove the apps because they contained ad-clicking code that violates App Store guidelines. Apple also told us that it had introduced new measures to spot any similar submissions in future.

Once the apps had been removed, we were contacted by AppAspect Technologies who told us that they were working to fix the problem and get their apps restored to the Store.

Only about one day after Apple had removed the apps did Wandera respond to our asking if they had disclosed their findings to the company.

"Wandera is actively working with Apple to share their findings," the security company insisted, "in the hopes that they initiate a take down of the compromised apps."

Security research is important, but responsibility is too

The fact that apps made it into the App Store while violating Apple's rules isn't trivial. That they could potentially have been used to fraudulently generate ad-traffic revenues is of course serious.

But this is in no way a case of malware infecting the iOS App Store.

The official site of AppAspect Technologies, some of whose apps have been removed


If this were genuinely a case of malware as serious as Wandera would have you believe, there are responsible approaches for disclosure. The responsible thing would have been for the company to contact Apple before announcing its findings as if it were a major disclosure of a security issue -- as nearly every other security research firm does.

Doing so in the media with inaccurate hyperbole isn't the way to go about that.

Comments

  • Reply 1 of 9
    Yes Agreed! Especially that last Line... I've taken issue with a couple of British guys who write Apple tech articles that are so far off base and whacked that I had no choice but to lambaste them with criticism, and providing facts & proof of my rebuttals. One writes for Forbes and I cannot believe they keep him on staff or contract. When you work on a MacBook Pro with 126 Apps like I do all day, every day, it's easy to become Incensed when you read totally inaccurate garbage. One case in point is supposedly how messed up Catalina is.. yet I have 124 out of 126 apps that work just fine with Catalina except for maybe a couple hiccups. The two remaining Apps that had issues were just updated within the past couple days.. so now I have 126 out of 126 Apps that work almost perfectly with Catalina. I called both "writers" BOZOs, a favorite of Steve Jobs for ignorant or inept people who pretend to know but their "works" prove otherwise. ~RpH
  • Reply 2 of 9
    AppleExposed Posts: 1,805 unconfirmed, member
    What morons are claiming App Store is filled with Malware??? W>>>T>>>F>>>?!>!>

    That's like defending New York City and claiming a deserted Island has more criminals.
  • Reply 3 of 9
    DAalseth Posts: 2,783 member
    FUD by people with an ax to grind.
  • Reply 4 of 9
    MplsP Posts: 3,911 member
    Pretty much every Apple article I’ve seen by Forbes is a hyperbolic clickbait article that is inaccurate and/or omits critical facts. I’ve seen similar clickbait articles on Samsung phones, so at least they spread their poor journalism around.

    To be fair, the Catalina roll out hasn’t exactly been bug free, and there have been some pretty major bugs, so even though you’re having good luck with it I don’t think you can call it a roaring success.

    edited October 2019
  • Reply 5 of 9
    sflocal Posts: 6,092 member
    I hate to have to say this, but in this day and age of fake news I wish there were some kind of mechanism in place to put people on notice that knowingly spreading news that has zero basis in fact will result in some kind of penalty, especially financial.

    The gall that companies like these have to put out reports that are flat-out lies hurts journalism everywhere. It's people like these that make any kind of news reporting suspect. It really needs to stop.
  • Reply 6 of 9
    lkrupp Posts: 10,557 member
    I wish these writers could be sued for defamation, slander, and economic damages. But alas, they can’t be touched. I do remember when GM sued NBC for $1 Billion in 1993 over the faked gas tank explosions on GM pickup trucks. Jane Pauley and Stone Phillips spent an entire show withdrawing their claims and apologizing for rigging the explosions. It was fun to watch arrogant news types go through that embarrassing episode.
  • Reply 7 of 9
    It's a cheap way of advertising your company - even if then many people may think you're rubbish.
  • Reply 8 of 9
    If you read forbes for tech news, that's on you!
  • Reply 9 of 9
    gatorguy Posts: 24,178 member

    What Apple said

    A spokesperson told us that Apple found no malware, but the company did remove the apps because they contained ad-clicking code that violates App Store guidelines. 
    In other app stores this would be referred to as malware when Forbes or "security companies" discuss it. At least they're consistent with FUD.