Instascam! Apple yanks phoney app, Google follows

A popular but malicious fake Instagram “who viewed your profile” app has been pulled from both Apple's App Store and Google Play – but not until after between 500,000 and a million suckers downloaded it. “Who Viewed Your Profile – InstaAgent” exploited people's insecurity (it's also a popular way for Twitter scam accounts to …

  1. Anonymous Coward

    "A popular but malicious fake Instagram “who viewed your profile” app has been pulled"...

    ......from both Apple's App Store and Google Play – but not until after between 500,000 and a million suckers downloaded it."

    F*ck sake!! Always profit, profit, profit, eh Google, eh Apple??? You know if you really wanted to fix this, you could limit new apps to say 10-100 downloads in a release quarantine, just until the developer / app is vetted and / or registered users write praise confirming each app's credibility. But oh no, that won't do...

    1. snozdop
      FAIL

      Re: "A popular but malicious fake Instagram “who viewed your profile” app has been pulled"...

      > Always profit, profit, profit, eh Google, eh Apple???

      Er no... It was a free app therefore zero profit to both Apple and Google.

      1. Anonymous Coward

        "Er no... It was a free app therefore zero profit to both Apple and Google."

        No, what I mean is they're too interested in making money to invest enough resources into screening apps properly.... This is the 100millionth time they've let things slip by....

        1. Maty
          Pint

          Re: "Er no... It was a free app therefore zero profit to both Apple and Google."

          @AC

          'This is the 100millionth time they've let things slip by....' Now, take a deep breath. According to Apple, there are just under 3/4 of a million apps in the app store

          (http://ipod.about.com/od/iphonesoftwareterms/qt/apps-in-app-store.htm)

          Therefore your post suggests that each app is faulty despite being screened more than 100 times. I've nothing against a bit of hyperbole, but this seems a touch OTT. Have a drink while you calm down.

      2. Phil O'Sophical Silver badge

        Re: "A popular but malicious fake Instagram “who viewed your profile” app has been pulled"...

        > Er no... It was a free app therefore zero profit to both Apple and Google.

        No such thing as a "free" app. At the very least Apple/Google will know you downloaded it, that information alone is something they can sell to advertisers. As always, if you're not paying for the product, you are the product.

  2. werdsmith Silver badge

    Considering how long it takes and the hoops that have to be jumped through to get an app approved and onto the store, wtf are they doing with that time?

    1. Pascal Monett Silver badge

      Essentially it seems that they are not checking the app security, just checking that it is not doing something they don't want it to do (like replicate functionality they have in an "official" app, eh Apple ?) or doing something they'd be interested in copying for themselves.

      If they find neither of these situations, then it's a cursory malware scan and on to the store.

      1. Valeyard

        "fits our design guidelines, ship it"

    2. SuccessCase

      If you were a developer, you would understand it is impossible to prevent malicious apps.

      The developer compiles the app. How the code branches and what it might do is opaque even to Apple (it is compiled and reverse engineering such takes a lot of time and money, several orders of magnitude more time and money than is available to an App review team). It is very easy to create code to the effect "do nothing until 20th Jan 1016, then after that date do ... mawah ha ha ha haaar."

      This code condition can be obfuscated. The chance of knowing about it before app launch is close to big fat zero. All you can do is block the app after it starts doing its nefarious evil thing and ban the app developer.

      This is why having to pay a yearly fee to be an app developer who can submit apps to the AppStore is a good idea. It means the developer id is not throwaway and immediately cuts out all those who might be tempted to have a go at building a malicious app for kicks, because it will cost them £100 a pop.

      "This is the 100 millionth time they have let things slip by"

      Complete drivel. Given the truth of what I have said above, I've been astounded at how very little has got through. This is because the real defence is the app sandbox and the permissions model and app review is limited in what it can do. It is only recently there has been any trend at all. As an app developer I monitor such things.

      1. Mike Bell

        You're quite right.

        If you install an app that asks you to type in a trusted user name and password in order to do its work, you are putting a lot of trust in that app. There are a million ways an app can use personal information that you've entered. Posting it off to a server somewhere is just one.

        I imagine Apple keep a keen eye out for apps that pop up a dialog asking you to enter your iCloud credentials, however.

  3. Alan Denman

    re "Both ...marked down for letting the app past their code review processes in the first place"

    They seem to have an operation review process only, that relying on what is seen and told!

  4. Prst. V.Jeltz Silver badge

    well dur....

    "Both Apple and Google have to be marked down for letting the app past their code review processes in the first place."

    I'd say so - the name/purpose of the app should trigger more alarm bells than "Hello I am i Nigerian prince and I need help to recover my millions"
