Apple approves fake iPhone app for App Store
- 24 January, 2012 04:20
Apple let a fake app slip through its approval process for the iOS App Store, accortding to the makers of the popular Camera+ program.
Security researchers who noted the slip-up did not know whether the bogus app contained malware because they had been unable to grab a copy before Apple yanked it from the App Store.
On Saturday, the iPhoneography blog announced that a new App Store entry was fake.
The App Store listing touted Camera+ version 4.0, and listed the price at $0.99.
Although the real Camera+ -- created by Tap Tap Tap -- is sold for the same price, it's only at version 2.4.
iPhoneography's Glyn Evans contacted Tap Tap Tap, who confirmed that Camera+ 4.0 was phony.
"Oh, Apple and your all too often disappointing approval process," said Tap Tap Tap on Twitter Saturday.
Tap Tap Tap has butted heads with Apple before: In 2010, Apple yanked Camera+ from the App Store in a dispute over a violation of Apple's developer agreements.
Apple later restored Camera+ to its app distribution channel.
U.K. security company Sophos noted the fake Camera+, but said it couldn't tell whether the app had a malicious purpose.
"We haven't been able to get our hands on a copy of the bogus app, so we cannot confirm if it contained any malicious functionality," said Graham Cluley, a Sophos senior security consultant, in a blog Monday . In a follow-up email, a Sophos spokeswoman said the company believed it was probably created to siphon money from Tap Tap Tap's sales.
The fake Camera+ used graphics identical to the real deal to promote the program on the App Store.
According to that entry -- which was still available Monday via Google's search cache -- the bogus Camera+ was released on Saturday, Jan. 21 by a Hiep Nguyen of a company called Pursuit Special.
Later that day, Apple pulled the illicit Camera+ from the App Store, Tap Tap Tap confirmed on Twitter .
Apple's gaffe was notable since most security experts consider the iPhone platform more secure from hacker misuse because Apple vets each app before allowing it into the App Store, unlike Google.
Google's Android Market has been plagued with bogus apps, many of which contain some kind of malicious functionality. Last month, for example, Google scrubbed 22 malware-infected apps from its official e-store.
Cluley wondered how Apple could have screwed up.
"But questions still remain as to what went wrong with Apple's approval process," Cluley said. "After all, Camera+ is currently the 14th best-selling app in the App Store -- Apple should surely recognize if someone other than Tap Tap Tap tries to submit it to the store."
As of mid-day Monday, Camera+ was actually No. 7 on Apple's bestseller list of paid iPhone apps.
Apple did not immediately reply to questions Monday.
A fake Camera+ app slipped by Apple's approval process for the App Store.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His e-mail address is email@example.com .
Read more about mobile apps and services in Computerworld's Mobile Apps and Services Topic Center.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- iPhoneography, the worlds #1 iPhone photography blog, bringing you the latest news, reviews and events - iPhone Journal - WARNING: FAKE Camera+ app is in the App Store
- Apple yanks iPhone app after hidden feature revealed - Computerworld
- Fake Camera+ app hits the iPhone App Store : Naked Security
- App Store - Camera+
- confirmed on Twitter
- Google pulls 22 more malicious Android apps from Market - Computerworld
- Gregg Keizer - Google+
- Computerworld Gregg Keizer News
- Articles by Gregg Keizer - Computerworld
- Mobile Apps and Services Topic Center - Computerworld
- NAB plans customer migration to NextGen platform
- A/NZ College of Anaesthetists to expand campus security monitoring
- Credit Union Australia signs Good Technology to secure 400 devices
- Taxi startup ingogo hails $3.4 million in latest funding round
- Updated: Federal Court dismisses Aust Post trade mark appeal
Amazon drones are 'fantasy,' says eBay CEO
Training critical to Australia tapping broadband potential: CSIRO
US faces major Internet image problem, former gov't official says
Why CIOs stick with cloud computing despite NSA snooping scandal
Telstra hits 300 Mbps in LTE-A trial