Apple App Store: Not So Safe?
Over the weekend, a blogger discovered a fake version of Camera+, currently the 8th most popular paid app in the App Store, in the App Store.
Call it blind faith, but most of us iOS users assume every app in the App Store is safe. After all, Apple has a reputation for spending weeks or months reviewing an app submission before it can enter the App Store. When it inexplicably rejected apps like the "gay cure" app or the Google Voice app, I felt a sense of security. But today I learned, that sense is false.
Over the weekend, iPhoneography (via Sophos) discovered a fake version of Camera+, currently the 8th most popular paid app in the App Store, in the App Store. The fake Camera+ page looked identical to the real Camera+ page, except it lacked reviews and had a different developer's name. It was yanked once iPhoneography's Glyn Evans reported it to Apple and the developer of the real Camera+ app, tap tap tap. The developer showed some displeasure on Twitter:
As Sophos' Graham Cluley notes, it's not clear whether or not there was actually any malware in the App. However he plants the seed of doubt:
"But questions still remain as to what went wrong with Apple's approval process," he writes. "Why didn't they notice that someone was uploading a false version of such a well-known app?"
Over the years we've also seen reports of fake star ratings that don't reflect the actual reviews, which are usually negative. For example, check out reviews for the 4.5-star rated app, Alice's Family Resort HD. There's also the more common problem of bogus 5-star reviews to bolster ratings; click here for ways to spot a fake review.
Apple's top-secret vetting process has long been seen as a key defense against the malicious apps that have been discovered in the Android Market. After all, no malicious iOS apps have been reported yet; iOS security tools like as , , and don't even contain an anti-virus component.
But what is now clear is that Apple doesn't vet apps as carefully as we think—or at least, not for obvious violations of copyright infringement.
Apple has not returned a request for comment. On its developer's page it says, "The app approval process is in place to ensure that applications are reliable, perform as expected, and are free of explicit and offensive material. We review every app on the App Store based on a set of technical, content, and design criteria."
Meanwhile, Google is often criticized for reportedly having no vetting process for Android Market app submissions, and should bear some responsibility for the dozens of malicious apps that have been found in its app store (which is still a small number that affects less than 5 percent of Android users, according to Lookout Mobile). Typically Google removes malicious apps after they've been reported, but it's unclear whether they do any vetting at all.
In a recent blog post, Lookout Mobile warned users not to assume the App Store is immune to malware: "Both the Android and Apple operating systems are exposed to mobile threats; currently, we are just seeing different threats targeting each platform. Android’s open architecture and distribution system may offer a few more 'on-ramps' to threats, but both the Android and Apple operating systems are exposed to web-based threats and software vulnerabilities. Both platforms are rapidly growing and both face distinct security challenges. It’s a potentially dangerous fallacy to believe that any mobile platform is impervious to threats. Whether by net or by harpoon, malware developers are out to catch anything they can."
Be sure to check out PCMag's latest review of Camera+.