Re: Can somebody tell me why this is actually bad?
It'll have to ask your permission to get your location, or access your contacts, so the danger there really isn't any more than with any other app.
It sounds like the main danger is accessing private app data by masquerading as another app. i.e. if it uses the same ID as Facebook, it could get access to your Facebook password and cached data. If it uses the same ID as your email app, it can get your email password and cached email (and of course login as you to get ALL your email)
So it is really more of a targeted attack that could go after say a popular banking app that stores a bit too much private data on the phone. So if you are able to access your bank account with a "convenient" app that has saved your login/password, that info isn't quite as safe you as might have thought (though you still have to approve installation of an app using some weird enterprise certificate, so it requires a certain level naivete on the part of the target)
Apple may be ignoring it a bit too much, but the fandroids are acting like the sky is falling when this is nothing compared to some of the real malware Android has faced even from the Play store, let alone from third party app stores like this attack relies upon.
Biting the hand that feeds IT
