How do malware apps break into the App Store?



Apple says that 'installing apps from outside the App Store is dangerous for users,' and is pursuing a strategy to keep users of Apple devices from downloading apps from outside the App Store. In response, developer Dennis Tokarev disputes the claim that the App Store is safe and explains how malicious apps on the App Store hide their functionality.

How malware gets into the App Store and why Apple can't stop that / Habr
https://habr.com/en/post/580272/



According to Tokarev, an app developer uploads the app's binary file to Apple's servers so that Apple can review it before the app is actually distributed. Once uploaded, the binary is first subjected to static analysis to check the application for safety issues and bugs. If the analysis detects a private API that the app is not allowed to use, the upload is refused and the developer is sent a list of the detected APIs.

However, Tokarev points out that there are several ways to hide the use of private APIs. Examples include exploiting a zero-day vulnerability in 'Game Center,' Apple's own game-related system, and using a Caesar cipher. 'By obfuscating or splitting the string containing the function name, the private API will not be detected. These methods are used in apps with hundreds of millions of downloads,' Tokarev said.
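The following sketch, added here and not taken from Tokarev's post or from Apple's tooling, shows from the reviewer's side why literal string matching misses Caesar-shifted or split function names, and how a scanner can undo both before matching. The denylist entries and sample strings are constructed placeholders, not real private API names; names assembled by other means at runtime are outside what this check can see.

```python
import string

# Constructed denylist: placeholder names, not real Apple private APIs.
DENYLIST = {"examplePrivateInstalledApps", "examplePrivateDeviceSerial"}

def caesar_shift(text, shift):
    """Rotate ASCII letters by `shift` positions; other characters are kept."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def naive_scan(strings, denylist=DENYLIST):
    """Literal matching only: the check that obfuscated names slip past."""
    return sorted(s for s in strings if s in denylist)

def deobfuscating_scan(strings, denylist=DENYLIST, max_join=3):
    """Return (name, technique, evidence) for plain, shifted and split names."""
    findings = []
    for i in range(len(strings)):
        # Join 1..max_join neighbouring strings to catch names split into fragments.
        for n in range(1, max_join + 1):
            parts = strings[i:i + n]
            if len(parts) < n:
                break
            candidate = "".join(parts)
            for shift in range(26):
                # Undo a Caesar encoding that used +shift.
                decoded = caesar_shift(candidate, -shift)
                if decoded in denylist:
                    tags = ([f"caesar-{shift}"] if shift else []) + (["split"] if n > 1 else [])
                    findings.append((decoded, "+".join(tags) or "plain", parts))
    return findings

# Constructed sample: strings as they might be dumped from a binary, in order.
SAMPLE = ["viewDidLoad", "hadpsohSulydwhLqvwdoohgDssv",
          "examplePrivate", "Device", "Serial", "OK"]
```

On the constructed sample, `naive_scan` reports nothing, while `deobfuscating_scan` flags one name hidden with a shift of 3 and one split into three fragments.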



A malicious developer who publishes an app that exploits private APIs on the App Store can pose a security risk. In addition to the existence of the vulnerability, Tokarev also pointed out that the application review guidelines are inadequate. Citing a 2011 case in which a malware app developed experimentally by former US National Security Agency (NSA) staff was published on the App Store, and a 2015 case in which Uber illegally acquired the data of iOS users, he said, 'The review process hasn't changed at all since this time,' and 'Apple refuses to protect users.'

Mr. Tokarev criticized the current situation, in which Apple promotes the myth of App Store safety, does not allow sideloading of apps, and charges a 30% in-app purchase fee to dominate the market. He said that, despite the ruling in the App Store trial 'giving app developers the right to introduce payment methods that do not go through the App Store,' it is necessary to fight so that developers are treated more freely and fairly.



in Mobile, Security, Posted by log1p_kr