After recent revelations that iOS apps have been secretly recording screen activity through marketing analytics software that works a lot like a keylogger, it’s been found that the initial batch of apps using this software was the tip of the iceberg.
Gambling and adult content apps are also abusing Apple’s developer programs to gain more data from users.
A report from TechCrunch follows revelations that developers were using software to capture taps and swipes through “session replay” technology. It’s basically keylogger software for the touchscreen generation.
And we also learned that Apple was forced to ban Google and Facebook temporarily from their developer programs because they were using the beta testing process to get users, who were being paid, to provide data about how they use various services.
The new batch of apps discovered by TechCrunch, which it reported to Apple who has begun removing the apps from the App Store, come from the bastions of online propriety and online safety – gambling and porn.
TechCruch details how these companies and developers have been able to bypass Apple’s certificate checking and allocation processes saying that a few bits of creative form-filling will get them through once they pony up US$299. As long as they used a legitimate business name and registration details – information the developers were able to find through a simple online search – they could create the certificates.
They can then use the certificates issued by Apple to allow users to “side load” apps. They were able to “download and verify 12 adult and 12 real-money gambling apps over the past week that were abusing Apple’s Enterprise Certificate system to offer apps prohibited from the App Store. These apps either offered streaming or pay-per-view hardcore pornography, or allowed users to deposit, win, and withdraw real money”.
Apple has responded saying the registration and checking processes will be tightened up.
For developers who are doing the right thing not much will change although there its likely to be some more stringent checking of company registration information when certificates are issued. And, while TechCrunch did find dozens of apps in its search, that’s a very small number compared to two million apps currently listed.
For users, steer clear of any program that asks you to side load apps unless you are 100% certain that the developer is legitimate. If a gambling or adult site wants you to bypass the relative safety of established app stores then that should ring an alarm bell.
Leave a Reply
You must be logged in to post a comment.