This is how malicious apps trick Apple’s App Store security filters


Recently, a malicious app managed to bypass Apple’s App Store security filters. It was available for a while until a report exposed it and the company took action. Now, more details have emerged about how such apps “trick” the Cupertino giant’s review system in order to reach the App Store.

Malicious apps use geofence to trick the App Store review system

As reported by 9to5Mac, the malicious apps primarily use a method called “geofencing.” It consists of displaying a different UI or functionality depending on the location the app detects. For example, a pirate streaming app can disguise its true UI while passing through Apple’s security systems. They may also use false names to blend in unnoticed. This recently happened with an app called “Collect Cards,” whose real goal was to offer pirated media content.

The geofence prevents the App Store’s automated evaluation systems from detecting, at first, what the app actually does. If the app detects a location that matches a “dangerous” geographic area (such as the United States), its UI shows a simple card game. However, if the app detects a country with more lax anti-piracy laws, such as Brazil, it shows its true colors.

Also, the app does not activate its geolocation API immediately after launch, so as not to raise suspicions with the automated evaluation system. By default, therefore, it always shows the fake UI first.

Similar apps share the same code base

Developers of these types of apps use a common code base. They are usually built around the React Native framework and CodePush (Microsoft’s SDK). The latter is especially important, as it allows the app to be modified without submitting new updates through the App Store. This further reduces the risk of detection, since the app does not pass through the security filters that each update upload normally requires.
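The combination described above (location-gated behavior plus CodePush-style over-the-air code delivery in a React Native bundle) is something a reviewer can triage statically before ever running the app. The following Python script is an added example, not code from the article or from any project it mentions: it inspects an unpacked `.app` directory and flags bundles that request location access, carry a CodePush deployment key, and reference geolocation calls in the JavaScript bundle. The `CodePushDeploymentKey` Info.plist key name and the sample bundle contents are assumptions constructed for the example.

```python
import plistlib
import tempfile
from pathlib import Path

# Info.plist keys that grant location access on iOS.
LOCATION_KEYS = (
    "NSLocationWhenInUseUsageDescription",
    "NSLocationAlwaysAndWhenInUseUsageDescription",
    "NSLocationAlwaysUsageDescription",
)
# Assumed Info.plist key used by react-native-code-push for OTA updates.
CODEPUSH_KEY = "CodePushDeploymentKey"
# JavaScript geolocation calls whose presence suggests location-gated logic.
GEO_CALLS = ("getCurrentPosition", "watchPosition")


def triage_bundle(bundle_dir: Path) -> dict:
    """Return indicator flags for an unpacked .app directory."""
    with (bundle_dir / "Info.plist").open("rb") as f:
        plist = plistlib.load(f)
    js_bundle = bundle_dir / "main.jsbundle"  # default React Native bundle name
    js_text = js_bundle.read_text(errors="ignore") if js_bundle.exists() else ""
    flags = {
        "react_native": js_bundle.exists(),
        "ota_updates": CODEPUSH_KEY in plist,
        "location_access": any(k in plist for k in LOCATION_KEYS),
        "geolocation_in_js": any(call in js_text for call in GEO_CALLS),
    }
    # OTA code delivery plus location gating is the pattern worth a human look.
    flags["needs_manual_review"] = flags["ota_updates"] and (
        flags["location_access"] or flags["geolocation_in_js"]
    )
    return flags


def make_sample_bundle(with_codepush: bool = True) -> Path:
    """Build a constructed sample .app directory for demonstration only."""
    bundle_dir = Path(tempfile.mkdtemp()) / "Sample.app"
    bundle_dir.mkdir()
    plist = {"CFBundleName": "Sample", LOCATION_KEYS[0]: "Find nearby players"}
    if with_codepush:
        plist[CODEPUSH_KEY] = "PLACEHOLDER_DEPLOYMENT_KEY"  # placeholder value
    with (bundle_dir / "Info.plist").open("wb") as f:
        plistlib.dump(plist, f)
    # Constructed JS snippet that reads the device position before choosing a UI.
    (bundle_dir / "main.jsbundle").write_text(
        "navigator.geolocation.getCurrentPosition(pos => selectUi(pos));\n"
    )
    return bundle_dir


if __name__ == "__main__":
    print(triage_bundle(make_sample_bundle()))
```

Hits only mean the bundle deserves a manual, multi-region dynamic review; plenty of legitimate apps legitimately use both location and OTA updates.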

According to the source, the code base for these types of apps comes from a single GitHub repository. So, in theory, anyone could try to upload their own malicious apps and attempt to bypass the security filters. While the pirate streaming app was removed, Apple did not reveal whether it would tweak its app review system. In the past, non-malicious apps such as Uber have theoretically also used geofences to hide a user-tracking system.

2024-08-07 15:11:14