Pirated App Store Client For iOS Found On Apple's App Store (helpnetsecurity.com)

← Back to Stories (view on slashdot.org)

Pirated App Store Client For iOS Found On Apple's App Store (helpnetsecurity.com)

Posted by timothy on Monday February 22, 2016 @02:21AM from the infinite-recursion dept.

An anonymous reader writes: An app called "Happy Daily English", which has been offered for download via Apple's official App Store, has been revealed to be a fully functional third party App Store client for iOS, offering users in mainland China a way to install modified versions of iOS apps on non-jailbroken devices. Its discovery shows that there are new techniques that can be used to fool Apple reviewers into allowing potentially malicious apps into the App Store, that enterprise certificates can be easily abused, and that there are ways for bypassing Apple's prohibition of apps dynamically loading new code.

14 of 55 comments (clear)

Min score:

Reason:

Sort:

Easy removal? by mwvdlee · 2016-02-22 02:32 · Score: 3, Insightful

I'm assuming Apple's walled garden approach makes it so much easier to remove this app and any apps, virusses and trojans potentially installed by it.

--
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
1. Re:Easy removal? by AmiMoJo · 2016-02-22 02:52 · Score: 4, Informative
  
  Not at all, Android can do the same and doesn't need the walled garden to do it. Play Services on Android will scan even sideloaded apps, and can remove apps that are found to be malicious no matter where they come from.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
2. Re:Easy removal? by rsborg · 2016-02-22 07:12 · Score: 2
  
  Not at all, Android can do the same and doesn't need the walled garden to do it. Play Services on Android will scan even sideloaded apps, and can remove apps that are found to be malicious no matter where they come from.
  And theoretically, the Police may be able to arrive on-scene before the criminals depart... but that only seems to be feasible in environments where crime isn't rampant. Let's face it, the walled-garden approach does result in better overall security for users (at a price), not unlike gated communities.
  
  --
  Make sure everyone's vote counts: Verified Voting
Law Enforcement Implications by dlleigh · 2016-02-22 02:34 · Score: 5, Funny

So the FBI doesn't need Apple to help them get the information on the San Bernadino shooter's phone after all. They can just ask the Chinese.
1. Re:Law Enforcement Implications by Coisiche · 2016-02-22 02:41 · Score: 2
  
  They're not going to tell anyone, let alone the FBI, if they have technique for getting information from locked iPhones. Many western politicians use them and that would be too good a source of intel to pass up.
2. Re:Law Enforcement Implications by U2xhc2hkb3QgU3Vja3M · 2016-02-22 03:07 · Score: 3, Funny
  
  And what would be a good source of AMD?
There were warning signs... by Harold+Halloway · 2016-02-22 02:49 · Score: 2

The occurrence of the words 'happy' and 'English' in the same sentence should have started alarm bells sounding.
1. Re:There were warning signs... by AmiMoJo · 2016-02-22 03:07 · Score: 2
  
  Maybe it's just the English version of Happy Daily. There are lots of alternative app stores for iOS in China. They allow you to browse apps through their own interface and often have tie ins with social networks and let you earn virtual currency for using them. When you actually go to install an app it takes you directly to the right screen in the Apple app store.
  I saw a Chinese friend setting up a new iPad a few years back, She installed some third party app store, logged in to here QQ account and could see all the stuff her friends had installed so was able to find the apps she wanted quickly. When one of her friends mentions some cool new app, she only has to open the app store and it's right there without having to search.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Re:I knew something was suspicious about that app by AmiMoJo · 2016-02-22 02:58 · Score: 3, Informative

This is a really weird myth. The Chinese can say the L sound perfectly, it's actually the R sound that they have some slight issues with. Koreans too, which makes that puppet film all the more bizarre.
The Japanese have some issues with the L sound, which I guess must be the origin of the myth. Japanese, Chinese, Korean, all the same, right?

--
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Times change by SmaryJerry · 2016-02-22 03:42 · Score: 2, Insightful

The biggest reason macs had "no viruses" were that they also had no users so it wasn't worth it for a hacker. Now that Apple products are mainstream, all that changed.
I want an Android app that's a jailbreak loader by davecb · 2016-02-22 04:05 · Score: 2

If one can load apps on a nominally un-jail-broken apple, how about one to load (and remove) apps from an android? My phone is full of crapware. amd I want a wifi tracking app that wants a jailbroken phone (:-))

--
davecb@spamcop.net
or.... by JustNiz · 2016-02-22 04:27 · Score: 2

the Apple store guardians actually saw through it straight away but decided to let it through anyway since it actually promotes free speech/Apple's own agenda and because its a 3rd party app, it gives them plausible deniability.
Re:Oh. by U2xhc2hkb3QgU3Vja3M · 2016-02-22 06:26 · Score: 2

Didn't you don't not read the non-word not "non-jailbroken"?
Re:Oh. by Falos · 2016-02-22 07:27 · Score: 2

I... uh... maybe?