Pirated App Store Client For iOS Found On Apple's App Store (helpnetsecurity.com)

← Back to Stories (view on slashdot.org)

Pirated App Store Client For iOS Found On Apple's App Store (helpnetsecurity.com)

Posted by timothy on Monday February 22, 2016 @02:21AM from the infinite-recursion dept.

An anonymous reader writes: An app called "Happy Daily English", which has been offered for download via Apple's official App Store, has been revealed to be a fully functional third party App Store client for iOS, offering users in mainland China a way to install modified versions of iOS apps on non-jailbroken devices. Its discovery shows that there are new techniques that can be used to fool Apple reviewers into allowing potentially malicious apps into the App Store, that enterprise certificates can be easily abused, and that there are ways for bypassing Apple's prohibition of apps dynamically loading new code.

30 of 55 comments (clear)

Min score:

Reason:

Sort:

Easy removal? by mwvdlee · 2016-02-22 02:32 · Score: 3, Insightful

I'm assuming Apple's walled garden approach makes it so much easier to remove this app and any apps, virusses and trojans potentially installed by it.

--
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
1. Re:Easy removal? by AmiMoJo · 2016-02-22 02:52 · Score: 4, Informative
  
  Not at all, Android can do the same and doesn't need the walled garden to do it. Play Services on Android will scan even sideloaded apps, and can remove apps that are found to be malicious no matter where they come from.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
2. Re:Easy removal? by Anonymous Coward · 2016-02-22 06:51 · Score: 1
  
  Well Android is likly going to have a harder time preventing it from being resubmitted and showing up again.
  Apple can deny any app that looks superficially similar to this one if they want to.
3. Re:Easy removal? by rsborg · 2016-02-22 07:12 · Score: 2
  
  Not at all, Android can do the same and doesn't need the walled garden to do it. Play Services on Android will scan even sideloaded apps, and can remove apps that are found to be malicious no matter where they come from.
  And theoretically, the Police may be able to arrive on-scene before the criminals depart... but that only seems to be feasible in environments where crime isn't rampant. Let's face it, the walled-garden approach does result in better overall security for users (at a price), not unlike gated communities.
  
  --
  Make sure everyone's vote counts: Verified Voting
Law Enforcement Implications by dlleigh · 2016-02-22 02:34 · Score: 5, Funny

So the FBI doesn't need Apple to help them get the information on the San Bernadino shooter's phone after all. They can just ask the Chinese.
1. Re:Law Enforcement Implications by Coisiche · 2016-02-22 02:41 · Score: 2
  
  They're not going to tell anyone, let alone the FBI, if they have technique for getting information from locked iPhones. Many western politicians use them and that would be too good a source of intel to pass up.
2. Re:Law Enforcement Implications by U2xhc2hkb3QgU3Vja3M · 2016-02-22 03:07 · Score: 3, Funny
  
  And what would be a good source of AMD?
I knew something was suspicious about that app by NotDrWho · 2016-02-22 02:44 · Score: 1, Troll

The first clue was that is was called "Happy Daily English" instead of the proper "Happy Daily Engrish"

--
SJW's don't eliminate discrimination. They just expropriate it for themselves.
1. Re:I knew something was suspicious about that app by AmiMoJo · 2016-02-22 02:58 · Score: 3, Informative
  
  This is a really weird myth. The Chinese can say the L sound perfectly, it's actually the R sound that they have some slight issues with. Koreans too, which makes that puppet film all the more bizarre.
  The Japanese have some issues with the L sound, which I guess must be the origin of the myth. Japanese, Chinese, Korean, all the same, right?
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
2. Re:I knew something was suspicious about that app by U2xhc2hkb3QgU3Vja3M · 2016-02-22 03:08 · Score: 1
  
  Japanese, Chinese, Korean, all the same, right?
  Exactly! Just like people from France and Québec are the same, and people from the UK, the U.S.A. and Australia are the same.
3. Re:I knew something was suspicious about that app by Anonymous Coward · 2016-02-22 04:00 · Score: 1
  
  The Japanese have some issues with the L sound, which I guess must be the origin of the myth.
  The problem is R is pronounced very differently depending on where you are as well as which word it's used in. Japanese has 5 characters with the sounds ra, ri, ru, re, ro (unicode missing, look up hiragana on wikipedia if you like). Here is the twist: it's a very weak R, much like the Icelandic R and to some degree much like R sounds like in many European languages. However when Americans read the letter R, they pronounce it very strongly, which makes it sound really weird in Japanese.
  The result is that those letters are then written with Ls instead of Rs to make it sound more correct when Americans try to pronounce Japanese words. Most Europeans still needs R for best match, which mean it ended up something like L when writing US English and R when writing British English or German. With little or no knowledge of word pronunciation in the west, this is reduced to it should sometimes be R and sometimes L. To make matters worse, they are interchangeable when writing Latin letters, which the computer then converts into Japanese (the most normal way to type). It's the perfect setup for mixing up those two letters.
  There are no other really confusing parts in writing Japanese with English characters. The rest of the issues are more strait forward and will not cause outstanding errors in English. A good example is Tokyo, which in Japanese have writing to extend the vowels and the Japanese spelling/pronunciation is actually Toukyou. A little different, but nothing which cause problems when trying to write English.
  If anything, the Americans are just as guilty for the R/L confusion as the Japanese. After all if the R sound had stayed European, the problem wouldn't exist. However I don't want to blame anybody for this because nobody living today had any influence on it and nobody caused this problem intentionally. Knowing that doesn't make the problem go away and even knowing the cause of it, I still get confused about it from time to time when trying to write Japanese words with Latin letters and I'm not even a native Japanese speaker.
  If anybody is to be blamed for weird English/Japanese spelling, it should be those responsible for writing English loanwords in Japanese. Computer is spelled konputa and this is a very general rule. The words sounds sort of the same, but the spelling is different. In other languages the English word computer is introduced with the same spelling or occasionally they get a local name, which doesn't try to sound like English. The whole concept of sounding like English with a different spelling is very flawed and possibly a much bigger source of English misspelling than the R/L issue. Unlike the R/L issue, the English loanwords are intentionally introduced that way and all are created after WW2. This mean this is a created problem rather than something, which just happened.
4. Re:I knew something was suspicious about that app by Flavianoep · 2016-02-22 04:08 · Score: 1
  
  No, it's more like people from England and France are all the same... (in the historical and linguistic sense...)
  Not in the linguistic sense, at all! English and French have been proven to be related, with high confidence. The same cannot be said about Japanese and Korean; nor do either of them even seem to be related to Chinese.
  
  --
  Linux is for people who don't mind RTFM.
5. Re:I knew something was suspicious about that app by Falos · 2016-02-22 07:34 · Score: 1
  
  Nah mate, we ain't grokkin that, not in my house, y'feel me? Peace.
  
  https://xkcd.com/771/
6. Re:I knew something was suspicious about that app by Required+Snark · 2016-02-22 08:28 · Score: 1
  
  You are a racist fuck.
  
  --
  Why is Snark Required?
7. Re:I knew something was suspicious about that app by NotDrWho · 2016-02-22 09:02 · Score: 1
  
  Is that arr you got, pussy?
  
  --
  SJW's don't eliminate discrimination. They just expropriate it for themselves.
8. Re:I knew something was suspicious about that app by _merlin · 2016-02-22 12:22 · Score: 1
  
  You can't spell an imported word the same way it's spelled in the original language if your alphabets don't line up.
9. Re:I knew something was suspicious about that app by jrumney · 2016-02-22 17:10 · Score: 1
  
  Japanese has 5 characters with the sounds ra, ri, ru, re, ro (unicode missing, look up hiragana on wikipedia if you like). Here is the twist: it's a very weak R
  I'm not sure what you mean here by weak, but it is a rolled r, something between the English R and L sounds, exactly where between those sounds is dependant on dialect. The key thing though, is that they do not have two different sounds for R and L, so when they pronounce an English word with their in-between Japanese R, it can easily sound like they've mixed them up. And because it is the same sound to them, they often confuse R and L in written English (sometimes it seems they are wrong more often than right).
  
  Computer is spelled konputa
  Konpyuuta.
  
  The whole concept of sounding like English with a different spelling is very flawed
  Really? Can you name a language which does things differently?
  
  and all are created after WW2
  Not at all. Using foreign loan words was discouraged for a few years during WW2, but there were a lot of English, Portuguese and other loan words being spelt in katakana well before then.
There were warning signs... by Harold+Halloway · 2016-02-22 02:49 · Score: 2

The occurrence of the words 'happy' and 'English' in the same sentence should have started alarm bells sounding.
1. Re:There were warning signs... by AmiMoJo · 2016-02-22 03:07 · Score: 2
  
  Maybe it's just the English version of Happy Daily. There are lots of alternative app stores for iOS in China. They allow you to browse apps through their own interface and often have tie ins with social networks and let you earn virtual currency for using them. When you actually go to install an app it takes you directly to the right screen in the Apple app store.
  I saw a Chinese friend setting up a new iPad a few years back, She installed some third party app store, logged in to here QQ account and could see all the stuff her friends had installed so was able to find the apps she wanted quickly. When one of her friends mentions some cool new app, she only has to open the app store and it's right there without having to search.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Re:I dont have apple & dont give a fuck by U2xhc2hkb3QgU3Vja3M · 2016-02-22 03:06 · Score: 1

Right on! Come join my World of Warcraft guild, dude!
Oh wait...
Times change by SmaryJerry · 2016-02-22 03:42 · Score: 2, Insightful

The biggest reason macs had "no viruses" were that they also had no users so it wasn't worth it for a hacker. Now that Apple products are mainstream, all that changed.
1. Re:Times change by malditaenvidia · 2016-02-22 05:25 · Score: 1
  
  That and MacOS X being standard UNIX, so it has proper security in place. Last time Windows had anything even remotely resembling, people shunned Vista and painted it as the worst OS ever.
I want an Android app that's a jailbreak loader by davecb · 2016-02-22 04:05 · Score: 2

If one can load apps on a nominally un-jail-broken apple, how about one to load (and remove) apps from an android? My phone is full of crapware. amd I want a wifi tracking app that wants a jailbroken phone (:-))

--
davecb@spamcop.net
1. Re:I want an Android app that's a jailbreak loader by Trax3001BBS · 2016-02-22 08:25 · Score: 1
  
  If one can load apps on a nominally un-jail-broken apple, how about one to load (and remove) apps from an android? My phone is full of crapware. amd I want a wifi tracking app that wants a jailbroken phone (:-))
  Android on a Motorola? Google will help you (not the search) but the company. Only requirement is google apps must be installed, but a hosts file will cover that.
Re:Oh. by Anonymous Coward · 2016-02-22 04:10 · Score: 1

Yes, they are. Didn't you read the word "jailbroken"?
Didn't you read the word "non-jailbroken"?
or.... by JustNiz · 2016-02-22 04:27 · Score: 2

the Apple store guardians actually saw through it straight away but decided to let it through anyway since it actually promotes free speech/Apple's own agenda and because its a 3rd party app, it gives them plausible deniability.
QA by stealth_finger · 2016-02-22 04:36 · Score: 1

I was under the impression that apple QA was 1) Does it do something we do? and 2) Is it pretty enough?. Arguably the first clause should've got this one but if its disguised a bit or in Chinese then no wonder it got past them.

--
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
Re:Oh. by U2xhc2hkb3QgU3Vja3M · 2016-02-22 06:26 · Score: 2

Didn't you don't not read the non-word not "non-jailbroken"?
Re:Oh. by Falos · 2016-02-22 07:27 · Score: 2

I... uh... maybe?
Re:Oh. by slashdotwannabe · 2016-02-23 10:28 · Score: 1

Yes I no I didn't.

--
This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for