Researchers Prove Flaw in App Store Vetting Process

Posted on by

App Store iPhone app flaw

When we last heard from the researchers at Georgia Institute of Technology, they were demonstrating a proof of concept that a malicious charger could be created that would install malware on iDevices. Now they’re back, and demonstrating a proof of concept that apps with hidden functionality could get past Apple’s App Store vetting process. While their previous demonstration was more interesting in an academic than practical sense, this one drives home a point that has been made in the past about scam-apps.

When those people vetting apps are not thoroughly analyzing submissions, they’re hardly truly vetted apps. I’ll admit some bias here, since vetting files is sort of what antivirus researchers do too. Between automation and human research, most files go through several levels of analysis, both static and dynamic. That analysis can take between minutes for something that’s obviously bad (particularly small variations of known threats) and several hours before a final determination is made.

The Apple spokesperson quoted in the Technology Review article mentioned that changes have been made to the review process to deal with this sort of dynamic code-changing issue. Just to be on the safe side, this serves as a good reminder that it’s always good to be thorough about checking for a high number of downloads and positive reviews of new apps before installing them on your iOS device. This isn’t foolproof either, but it will help decrease the odds of installing problematic apps.