Researcher reports fraudulent apps on the App Store


Despite Apple’s claims that the App Store is a “safe place you can trust,” it seems some developers are still finding ways to circumvent the company’s review process to distribute fraudulent apps to iPhone, iPad and Mac users. This time, a researcher identified as “Privacy1St” (Alex Kleber) shared a report on several Chinese apps that tricked the App Store review team.

Apps can fool the App Store review team

The report was shared in a post on Medium and was also supported by security researchers and former NSA staff member Patrick Wardle. The investigation looked at seven different Apple developer accounts believed to be operated by the same Chinese developer. According to the report, these apps abuse App Store guidelines in different ways.

As noted by the researcher, most of these apps contain hidden malware that can receive commands from a server. This way, the malicious code waits for the app to be approved in the App Store before going live. This technique allows developers to modify even the entire application interface remotely so that Apple sees a completely different application than what will be delivered to users.

Although the apps were published by different developer accounts, they all establish communications with domains using services like Cloudflare and GoDaddy in order to hide their hosting provider. Interestingly, the privacy policy website of these apps redirects users to public web pages created with Google Sites.

Another aspect of these apps’ code that ties them to the same developer is that they all use the same password to decrypt a JSON file used to mislead the App Store review team. In some cases, this developer has released basically the same app under different accounts, so that these apps can reach and trick even more users.
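The linking idea described above, that the same embedded constant shows up under different developer accounts, can be sketched as follows. This is an added example, not code from the report or the researcher; the app names, account names, strings and the `COMMON` allowlist are all constructed, and it assumes the strings have already been extracted from each app binary.

```python
from collections import defaultdict

# Constructed sample data: strings a reviewer might extract from each app
# binary (e.g. with `strings`). Account names and values are hypothetical.
APPS = {
    "PDF Reader A": ("dev-account-1", {"NSApplication", "k3y-EXAMPLE-passphrase", "cfg.example-one.test"}),
    "PDF Reader B": ("dev-account-2", {"NSApplication", "k3y-EXAMPLE-passphrase", "cfg.example-two.test"}),
    "Scanner C":    ("dev-account-3", {"NSApplication", "cfg.example-two.test"}),
    "Notes D":      ("dev-account-4", {"NSApplication", "unrelated-constant-9981"}),
}
COMMON = {"NSApplication"}  # framework strings present in nearly every app


def shared_indicators(apps, common=COMMON):
    """Map each non-common string to the set of accounts whose apps embed it,
    keeping only strings seen under two or more different accounts."""
    seen = defaultdict(set)
    for account, strings in apps.values():
        for s in strings - common:
            seen[s].add(account)
    return {s: accts for s, accts in seen.items() if len(accts) > 1}


def link_accounts(apps, common=COMMON):
    """Cluster developer accounts connected by any shared indicator (union-find)."""
    parent = {account: account for account, _ in apps.values()}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for accts in shared_indicators(apps, common).values():
        first, *rest = sorted(accts)
        for other in rest:
            parent[find(other)] = find(first)

    clusters = defaultdict(set)
    for account in parent:
        clusters[find(account)].add(account)
    # Only clusters of more than one account are interesting for review.
    return sorted(sorted(c) for c in clusters.values() if len(c) > 1)


if __name__ == "__main__":
    for indicator, accts in sorted(shared_indicators(APPS).items()):
        print(f"{indicator!r} shared by {sorted(accts)}")
    print("linked accounts:", link_accounts(APPS))
```

Accounts 1 and 3 share no string directly; they end up in one cluster because each shares an indicator with account 2, which is why the grouping is transitive rather than pairwise.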

Fake reviews and more

As noted by the report, one such app is a “PDF reader” which has been listed as one of the most downloaded apps on the US Mac App Store. Once downloaded, the app prompts users to pay for a subscription plan. But the whole scheme goes way beyond that, as all of these apps have a suspicious number of positive reviews alongside negative reviews claiming the apps don’t work.

Of course, these positive reviews are fake and bought by the developer to make regular users believe that the app is legit. Since the report was published, Apple has removed most fake reviews of these apps. Some of the malicious apps also seem to have been removed from the Mac App Store.

Last month, Apple said the App Store stopped “nearly $1.5 billion in fraudulent transactions in 2021” thanks to the App Store Review Team. However, this is not the first or second time that researchers have shown that the App Store is still very susceptible to fraudulent apps. Meanwhile, Apple keeps saying that the sideloading process is the real enemy of users.
