Monday, February 22, 2016

How ZergHelper Evaded App Review

Claud Xiao (via Javier Soto):

ZergHelper appears to have gotten by Apple’s app review process by performing different behaviors for users from different physical locations on earth. For users outside of China, it would act as what it claimed: an English studying app. However, when accessing the app from China, its real features would appear.

The app was made available in the App Store on October 30, 2015. However, nobody appeared to have noticed ZergHelper’s hidden functionality until February 19, 2016, when a user created a post in V2EX (a Chinese developer forum) to discuss it. We shared our findings with Apple on February 19, and Apple removed the app from the App Store later that day.

ZergHelper’s main functionality appeared to be to provide another App Store that includes pirated and cracked iOS apps and games. The app was developed by a company in China that named its main product “XY Helper”. ZergHelper was the non-jailbroken and “official App Store” version of this product.

1 Comment

[…] This is an interesting hypothetical. Would breaking into Transmission’s iTunes Connect account be harder than breaking into its Web site? At least the odds seem better that the developers would notice that this had happened. Would sandboxing help, or would the malicious app be able to trick the user into granting it access to non-BitTorrent data? Could such an app get through App Review? […]
