Potential Malware Makes it Through App Store Review Process
Should we start with the good news or the bad news? Let's start with the good.
This week, an iOS app available in Apple's App Store was found to contain an embedded Trojan horse. Fortunately, the app isn't nefarious and presents no immediate danger.
The bad news, however, is that this potential malware threat - regardless of how innocuous it may be - made it past Apple's review process and landed inside what some believe to be a fortress secure against malware.
"The app Simply Find It, a $2 game from Simply Game, seems harmless enough. But if you run Bitdefender Virus Scanner—a free app in the Mac App Store—it will warn you about the presence of a Trojan horse within the app," says Lex Friedman of Macworld. "A reader tipped Macworld off to the presence of the malware, and we confirmed it."
Although Android has been proven to be a cesspool of malware, iOS territory is still considered to be a largely malware-free environment. This latest incident, of course, could suggest that the App Store isn't as immune to these threats as previously thought.
Security expert Rich Mogull tells Friedman that the app causing all of this trouble in the first place is "certainly harmless."
“If Apple tested the app by running it in a sandbox and watching the app’s activities, that would be more effective than scanning MP3s for malware strings,” Mogull explains. But it remains unclear how Apple actually tests apps. “Thus,” Mogull concludes, “we don’t know for sure if [any Apple malware-scanning] process worked or not. A malware link that never runs isn’t a threat, and there are very legitimate ways of testing that won’t find something like this if it isn’t a valid exploit.”