A group of researchers from Georgia Tech recently managed to get a malicious app past Apple’s review process, finding the company runs only a few seconds’ worth of tests before posting an app to the App Store. Given the name “Jekyll,” the malicious software was uploaded to Apple’s App Store in March to test the company’s control measures, which dictate what apps are allowed to be distributed through the App Store, according to MIT’s Technology Review.
According to the research term responsible for creating the software, Apple was unable to distinguish dormant bits of code that would later be assembled into a malicious app. Once installed on a victim’s device, Jekyll, disguised as a news delivery app, was able to post tweets, send email and text messages, access the phone’s address book, take pictures and direct Safari to malicious website, among other malicious actions. According to Stony Brook University research Long Lu:
The app did a phone-home when it was installed, asking for commands. This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed.
The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen.
Source: Technology Review