Once done, users could install apps from the alternative app store. This is similar to the process that a device goes through when it’s enrolled into a mobile device management system. However, if the address was from China, a different interface would appear that would guide users through installing a provisioning profile. Once installed on a phone, the app behaved as advertised if the user’s IP (Internet Protocol) address was from outside mainland China. The app was submitted to the app store under the name “Happy Daily English” (in Chinese) and was presented as a helper app for learning English. Its creators appear to have tricked Apple’s reviewers by using simple tricks. The company’s researchers found no explicitly malicious behavior in ZergHelper so far, its main goal being to act as an alternative app store that allows users to install cracked games and other pirated apps without jailbreaking their iOS devices. The app was available in the official app store from the end of October until Saturday, when Apple removed it after being alerted by Palo Alto Networks. ZergHelper is also providing free Apple IDs to users and it’s not clear where those IDs are coming from and whether the app steals them from other devices. That post has since been deleted, the researchers said. In fact, someone was recently selling code on a popular Chinese security forum that could automatically register Apple IDs and then generate personal development certificates for them. ZergHelper is evidence that this is indeed possible, highlighting its potential for abuse “in a wide-ranging and automated way,” the researchers said. Some people have expressed concerns after the feature was released last year that attackers might abuse it to create and distribute malware to non-jailbroken devices.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |