This is how criminals cheer malicious apps on you
Apple’s app ecosystem is considered secure but still has holes, as a recent report shows. In a perfidious way, namely by using an official Apple platform, malicious apps can be foisted on iPhone users. What do users have to consider now?
If you want to offer apps in the Apple world, you have to stick to the rules, so no iPhone app gets into the App Store without being checked. Millions of iPhone users can and rely on it. But what many people don’t know is that you don’t necessarily need the App Store to install apps on an Apple cell phone. Fraudsters are currently taking advantage of this fact.
iPhone users at risk: This is how infected apps are now coming to Apple phones
A criminal organization called “CryptoRom” managed to distribute fake cryptocurrency apps to iOS and Android users (source: Sophos). This was of course particularly easy on Android, after all apps can officially be installed there without the Google Play Store. This is called sideloading, a process that Apple has so far strictly rejected for the iPhone. But how could the scammers still distribute their infected apps on the iPhone?
As the report reveals, the criminals use Apple’s official platform for distributing beta apps – TestFlight. Using TestFlight, developers can invite up to 10,000 users to try out their apps in advance – bypassing the App Store. Advantage in this case for the scammers: Such beta apps do not have to go through the App Store review process per se.
Through this ruse, Apple has no knowledge of such occurrences. Any iOS user using TestFlight on iPhone can easily download and install such apps. Distribution is even easier for fraudsters, since it does not necessarily require an individual invitation. It is sufficient to provide a public download link.
Criminals also use such tricks:
And there is another distribution method used by criminals. For this you access web apps. These are in the case Deceptive websites that are added to the iPhone’s home screen and run there as an app. Web apps are of course completely outlaws and cannot be checked by Apple at all.
There are also useful and non-malicious web apps:
What does Apple say and recommend?
All very worrying. But what does Apple say, what do users have to consider now, how can they protect themselves? A direct change in the TestFlight processes is not to be expected from the iPhone manufacturer, after all, even tens of honest developers depend on it. Instead, Apple refers to personal responsibility. To protect yourself from scammers, one should not install apps and software from unknown sources. This applies even if they are distributed via the official TestFlight platform. For even more safety instructions and tips, Apple refers to a specially set up website (watch at Apple).