Wednesday, February 15, 2023

Swapping App Data After Review

William Gallagher:

Con artists involved in a so-called “pig butchering” scam sneaked apps into Apple’s App Store and Google Play Store by temporarily presenting innocuous functionality.

[…]

As the apps went through review, they each appeared to be doing exactly what they claimed to be.

Once the apps were approved and on the App Store, though, the destination websites were seemingly changed.

[…]

In this case, the very presence of the apps on the App Store and Google Play Store helps make them seem legitimate.

Previously:

3 Comments RSS · Twitter · Mastodon

All the while legitimate apps are banned because of a dumb reason.

This is why the App Store gatekeeper philosophy is just security theater.

In general, the SDUI approach taken up by more and more companies makes a one-time review absolutely pointless.

It might be more user- (and dev-) friendly, as well as more efficient security-wise, if Apple would simply approve everything, put a good "report this app" system in place and have their current reviewers instead then review the reported apps - because there seems to be too few people working on this important task right now, as we can tell from the numerous known "bad" apps that keep on staying in the App Store.

Leave a Comment