Security researchers find major flaw in Apple’s App Store approval process

Brad Reed

August 16, 2013 at 3:45 PM

Apple’s App Store has a much better reputation for security than Google Play but that may not last long if more hackers take advantage of a new flaw discovered by a team of researchers at Georgia Tech. Technology Review reports that the researchers successfully posted a malicious app to the App Store that contained fragmented pieces of code that only assembled themselves into malware after users had installed the app. The researchers say that they were able to get away with this because Apple apparently only ran the app for a few seconds before deciding that it was safe and sending it along to the App Store.

“The app did a phone-home when it was installed, asking for commands,” explains Long Lu, a Stony Brook University researcher who helped out the team at Georgia Tech. “This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed… The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen.”

[More from BGR: Full change log for iOS 7 beta 6]

Marc Rogers, a researcher at mobile security firm Lookout, tells Technology Review that such apps present major problems for all mobile platforms because companies may have to constantly monitor all apps that have been installed on customers’ phones to keep their app ecosystems malware-free.

This article was originally published on BGR.com

Yahoo Sports
Based on the odds, here's what the top 10 picks of the NFL Draft will be
What would a mock draft look like using just betting odds?
2d ago
Yahoo Sports
Broncos, Jets, Lions and Texans have new uniforms. Let's rank them
Which new uniforms are winners this season?
8h ago
Yahoo Finance
Jamie Dimon is worried the US economy is headed back to the 1970s
JPMorgan's CEO is concerned the US economy could be in for a repeat of the stagflation that hampered the country during the 1970s.
1d ago
Yahoo TV
Everyone's still talking about the 'SNL' Beavis and Butt-Head sketch. Cast members and experts explain why it's an instant classic.
Ryan Gosling, who starred in the skit, couldn't keep a straight face — and neither could some of the "Saturday Night Live" cast.
1d ago
Yahoo Sports
Dave McCarty, player on 2004 Red Sox championship team, dies 1 week after team's reunion
The Red Sox were already mourning the loss of Tim Wakefield from that 2004 team.
4d ago
Yahoo Sports
Ryan Garcia drops Devin Haney 3 times en route to stunning upset
The 25-year-old labeled "mentally fragile" by many delivered the upset for the ages.
4d ago
Yahoo Sports
WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not
Here are five franchises who stood out, for better or for worse.
9d ago
Yahoo Sports
Yankees' Nestor Cortés told by MLB his pump-fake pitch is illegal
Cortés' attempt didn't fool Andrés Giménez, who fouled off the pitch.
4d ago
Yahoo Life
Here’s when people think old age begins — and why experts think it’s starting later
People's definition of "old age" is older than it used to be, new research suggests.
2d ago
Yahoo Sports
Jets trade QB Zach Wilson to Broncos
Wilson's starting over in Denver.
1d ago
Yahoo Sports
Arch Manning dominates in the Texas spring game, and Jaden Rashada enters the transfer portal
Dan Wetzel, Ross Dellenger & SI’s Pat Forde react to the huge performance this weekend by Texas QB Arch Manning, Michigan and Notre Dame's spring games, Jaden Rashada entering the transfer portal, and more
2d ago
Yahoo Sports
Chiefs make Andy Reid NFL's highest-paid coach, sign president Mark Donovan, GM Brett Veach to extensions
Reid's deal reportedly runs through 2029 and makes him the highest-paid coach in the NFL.
2d ago
Yahoo Sports
2024 NFL mock draft: With one major trade-up, it's a QB party in the top 5
Our final 2024 mock draft projects four quarterbacks in the first five picks, but the Cardinals at No. 4 might represent the key pivot point of the entire board.
3d ago
Yahoo Finance
Donald Trump nabs additional $1.2 billion 'earnout' bonus from DJT stock
Trump is entitled to an additional 36 million shares if the company's share price trades above $17.50 "for twenty out of any thirty trading days" over the next three years.
1d ago
Yahoo Finance
What US taxpayers will get for another $61 billion to Ukraine
Congress is finally providing more of the aid Ukraine needs to survive. Here's why this is money well spent.
1d ago
Autoblog
2025 Kia Tasman pickup previewed for global markets
Aimed at the Ford Ranger and other midsize pickups, the Kia Tasman pickup will make its debut by the end of 2024 with body-on-frame construction.
1d ago
Yahoo Sports
Dylan Edwards set to be latest Colorado running back to enter transfer portal
All four rushers who had more than 10 carries in 2023 for the Buffaloes are transferring.
1d ago
Yahoo Sports
Bears request more than $2 billion in public money to fund $4.6 billion stadium project
The numbers for the Bears' proposed stadium project are astounding.
20h ago
Yahoo Sports
Robert Kraft reportedly warned Falcons owner Arthur Blank not to trust Bill Belichick during head coach interviews
Bill Belichick's former boss Robert Kraft reportedly tanked his chances of getting hired as the Falcons head coach.
7d ago
Yahoo Sports
Yankees manager Aaron Boone ejected after fan mouths off to home plate umpire
You don't see an ejection like this every day.
2d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Security researchers find major flaw in Apple’s App Store approval process

Recommended Stories

Based on the odds, here's what the top 10 picks of the NFL Draft will be

Broncos, Jets, Lions and Texans have new uniforms. Let's rank them

Jamie Dimon is worried the US economy is headed back to the 1970s

Everyone's still talking about the 'SNL' Beavis and Butt-Head sketch. Cast members and experts explain why it's an instant classic.

Dave McCarty, player on 2004 Red Sox championship team, dies 1 week after team's reunion

Ryan Garcia drops Devin Haney 3 times en route to stunning upset

WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not

Yankees' Nestor Cortés told by MLB his pump-fake pitch is illegal

Here’s when people think old age begins — and why experts think it’s starting later

Jets trade QB Zach Wilson to Broncos

Arch Manning dominates in the Texas spring game, and Jaden Rashada enters the transfer portal

Chiefs make Andy Reid NFL's highest-paid coach, sign president Mark Donovan, GM Brett Veach to extensions

2024 NFL mock draft: With one major trade-up, it's a QB party in the top 5

Donald Trump nabs additional $1.2 billion 'earnout' bonus from DJT stock

What US taxpayers will get for another $61 billion to Ukraine

2025 Kia Tasman pickup previewed for global markets

Dylan Edwards set to be latest Colorado running back to enter transfer portal

Bears request more than $2 billion in public money to fund $4.6 billion stadium project

Robert Kraft reportedly warned Falcons owner Arthur Blank not to trust Bill Belichick during head coach interviews

Yankees manager Aaron Boone ejected after fan mouths off to home plate umpire