All the latest UK technology news, reviews and analysis

Pirates target iOS enterprise loophole to spread fake iPhone apps

28 Jan 2013

Chinese cyber crooks are exploiting a loophole in Apple's iOS enterprise deployment procedures to release pirated apps onto iPhones.

Trend Micro reported detecting a new influx of pirated apps appearing on iOS over the past few weeks in a blog post.

"In the past couple of weeks, there has been some breathless reporting about how iOS users could now install pirated apps without having to jailbreak their phones. This was made possible by certain Chinese app store-like services," said Warren Tsai, product manager for Trend.

Tsai said apps are able to appear on non-jailbroken iOS devices, a development that significantly widens the threat to iPhone users, thanks to a loophole in Apple's iOS enterprise deployment policy.

"The same features which allow enterprises to deploy their own custom apps have now been abused to deliver pirated apps to users," he said.

Apple has traditionally managed to keep its mobile iOS operating system free of malicious apps and software by employing a closed development model, where all apps must be vetted before appearing in its official store.

Trend Micro said that while the pirate apps appearance is troubling, they do not currently pose a serious security risk.

"This ‘newly discovered' method represents one of the methods to get malicious/fake apps onto the iOS devices. However, because the iOS sandbox has not been compromised, what each app can and can't do is rather limited," added Tsai.

The iOS app may try to send out some personal privacy information to external server which creates privacy data leakage problem.

"For now it's not likely to be much of a security threat, as the number of users who would actually use these ‘pirated' app stores is rather limited. However, it does represent an interesting avenue for targeted attacks in enterprise settings."

The news follows a boom in the volume of mobile malware targeting the competing Android ecosystem.

Trend Micro had previously warned the number of malware strains targeting Android would break past the one million milestone by the end of the year.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Freelance Mid-weight Digital Producer

Our client is a renowned agency based in the heart of...

Digital Project Analyst - Digital Web / App Agency

Digital Project Analyst - Digital Web / App Agency London...

Lead Business Analyst - IFRS - 12 Month Contract

Lead Business Analyst - IFRS 9 - 12 Month Contract...

Traffic Manager

Our client is one of the world's leading creative agencies...
To send to more than one email address, simply separate each address with a comma.