Malware creeps into the iTunes App Store

Posted by Mark Raby

It's not easy to get a malicious app into Apple's heavily guarded and scrutinized App Store, but it is still possible.

Infamous Apple hacker Charlie Miller created an app that was disguised to look like a generic stock market app, telling potential downloaders that it let them monitor their stock prices.

In reality, though, it contained malicious code that could be used to gain limited remote access of the phone and grab sensitive data.

Miller said he released the app for demonstration purposes only, but nevertheless Apple has removed it from the App Store and revoked Miller's ability to post future apps.

Malware has been a historic problem for the Android Market, which lets literally anyone create and post an app for download. Someone with no experience in developing apps could create one and push it live to the Android Market in the same day.

The only safeguards in place are automated triggers that prevent certain pieces of code from going to the Android Market, but there are many workarounds to get malicious apps on the Google platform.

For the App Store, it is much more difficult, since Apple has an actual human look over and approve every app. Nevertheless, there are always ways to cheat the system and sneak something into the App Store that violates the terms of service.

Apple did not comment on Miller's proof-of-concept app.