A malicious application recently made it through Apple's App Store review process, raising questions about how robust that review actually is. Apple removed the offending app after a report brought it to light, but the details of how such apps deceive the review system deserve a closer look.
Malicious Apps Use Geofence to Trick the App Store Review System
According to 9to5Mac, these rogue applications rely on geofencing: the app presents a different user interface (UI) or functionality depending on the geographical location it detects. A pirate streaming app can therefore behave like something harmless while it is being examined under Apple's review process. To further obscure their intent, these apps also adopt misleading names. A recent example is an app called "Collect Cards," which was in fact designed to distribute pirated media content.
The geofence keeps the App Store's automated evaluation from seeing the app's actual purpose at first glance. When the app detects a location it treats as "dangerous," such as the United States, it shows a benign card-game interface. If it instead detects a country with more lenient anti-piracy enforcement, such as Brazil, it reveals its true functionality. A single review run from one location therefore only ever sees the decoy.
The apps also delay the call to the geolocation API after launch, so that no location request shows up while the automated evaluation is watching the app. The deceptive UI is the default state: until a location has been determined, the app shows the card game, which is exactly what a reviewer sees.
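To make the evasion concrete, here is an added illustration (not code from the app in question, from the shared repository, or from 9to5Mac) of the region gate described above, written as a small JavaScript module of the kind a React Native app would carry. It models the three ingredients the article names: a "dangerous" region list, a decoy UI that is the default whenever no location is known, and a location lookup deferred until after launch. It also includes the check a reviewer would need: running the same logic under several spoofed locations and observation times and flagging any divergence. The country codes, the 30-second delay and the "decoy"/"streaming" labels are assumptions made for the example.

```javascript
// Added illustration of a geofence-based review evasion and the probe that
// exposes it. Not the real app's code; region list, delay and labels are assumed.

// Regions the operator treats as "dangerous", i.e. where App Review is presumed to run.
const REVIEW_REGIONS = new Set(['US']);

// Pick which UI to render. Anything other than a confirmed non-review region,
// including "no fix yet", falls back to the decoy card game, so a first-launch
// review run from a single location never sees the streaming UI.
function selectUi(countryCode) {
  if (countryCode == null) return 'decoy';             // location not yet queried
  if (REVIEW_REGIONS.has(countryCode)) return 'decoy'; // geofenced out
  return 'streaming';                                  // real purpose revealed
}

// Simulated app session: the location lookup is deferred by `delayMs` after launch,
// so anything observed before that point shows the default (decoy) UI regardless
// of where the device actually is.
function simulateSession({ countryCode, delayMs = 30000, observeAtMs }) {
  const countryKnown = observeAtMs >= delayMs;
  return selectUi(countryKnown ? countryCode : null);
}

// Reviewer-side check: exercise the same build under several spoofed locations
// and observation times and report whether behaviour diverges. A gate like the
// one above is invisible to a single run but obvious to a matrix like this.
function probeForGeofence(simulate, regions, observeAtMs) {
  const results = {};
  for (const region of regions) {
    for (const t of observeAtMs) {
      results[`${region}@${t}`] = simulate({ countryCode: region, observeAtMs: t });
    }
  }
  const distinct = new Set(Object.values(results));
  return { results, diverges: distinct.size > 1 };
}

// Demo: one US run at launch looks clean; a US/BR matrix with a late observation does not.
console.log('single run:', probeForGeofence(simulateSession, ['US'], [0]));
console.log('matrix run:', probeForGeofence(simulateSession, ['US', 'BR'], [0, 60000]));
```

The point of `probeForGeofence` is not the toy gate itself but the shape of the countermeasure: any review that observes the app once, from one location, immediately after launch, is satisfied by the decoy, so the test matrix has to vary both location and elapsed time before it can distinguish a card game from a streaming app.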
Similar Apps Share the Same Code Base
Developers of these malicious applications typically share a common code base built on the React Native framework and Microsoft's CodePush SDK. CodePush lets a developer push updated JavaScript to already installed apps without submitting a new build to the App Store, so the app's behaviour can change after review without the security checks that accompany each update upload. Apple's developer terms only allow this kind of downloaded, interpreted code on the condition that it does not change the app's primary purpose, which is precisely the condition these apps are built to violate.
Reports indicate that the code base for these apps originates from a single GitHub repository, so in principle anyone can build their own variant and attempt to get it past Apple's filters. The pirate streaming app in question has been removed, but Apple has not said whether it will change its review process in response. Notably, geofencing has been used to hide behaviour from Apple before: Uber was reported to have geofenced Apple's headquarters so that the device-fingerprinting code in its app would not be visible to Apple engineers examining it.