Malicious App Bypasses Apple Security Using Geofence Technique

In a recent turn of events, a malicious application successfully navigated through Apple’s stringent App Store security measures, raising concerns about the robustness of the company’s review processes. Following a report that brought this issue to light, Apple swiftly took action to remove the offending app. However, the intricacies of how such applications manage to deceive the review system have now come to the forefront.

Malicious Apps Use Geofence to Trick the App Store Review System

According to 9to5Mac, these rogue applications employ a technique known as “geofence.” This method allows the app to present a different user interface (UI) or functionality based on the geographical location it detects. For instance, a pirate streaming app may mask its true nature while navigating through Apple’s security protocols. To further obscure their intentions, these apps often adopt misleading names. A recent example is an app dubbed “Collect Cards,” which was ultimately designed to distribute pirated media content.

The geofencing mechanism effectively thwarts the App Store’s automated evaluation systems from identifying the app's actual purpose at first glance. When the app recognizes a location deemed “dangerous,” such as the United States, it may display a benign card game interface. Conversely, if it detects a location in a country with more lenient anti-piracy regulations, like Brazil, it reveals its true functionality.

Moreover, these apps cleverly delay the activation of their geolocation API upon launch to avoid raising any red flags with the automatic evaluation system. By default, they showcase the deceptive UI, allowing them to slip through the cracks unnoticed.

Similar Apps Share the Same Code Base

Developers of these malicious applications typically utilize a shared code base, often built on the React Native framework and Microsoft’s CodePush SDK. This approach is particularly advantageous as it permits modifications to the app without necessitating a formal update submission to the App Store, thereby minimizing the risk of detection. The absence of the usual security checks associated with each update upload further enhances their chances of evading scrutiny.

Reports indicate that the code base for these types of applications originates from a single GitHub repository, theoretically allowing anyone to attempt to upload their own malicious apps and circumvent Apple’s security filters. While the pirate streaming app in question has been removed, Apple has yet to disclose whether it plans to adjust its app review system in response. Interestingly, it has been noted that even non-malicious apps, such as Uber, have previously employed geofencing techniques to obscure user tracking systems across their platforms.

Which hockey cards are worth collecting?

Hockey cards worth collecting typically include rookie cards of legendary players like Wayne Gretzky, Mario Lemieux, and Bobby Orr. Limited edition or serialized cards, autographed cards, and memorabilia cards that include pieces of a player's jersey or stick are also highly prized. Modern era cards of standout players such as Sidney Crosby, Alex Ovechkin, and Connor McDavid can also hold significant value, especially if they are in mint condition or graded by a reputable grading service.

Which baseball cards are worth collecting?

Baseball cards worth collecting often include rookie cards of iconic players such as Babe Ruth, Mickey Mantle, and Willie Mays. Limited edition cards, autograph cards, and memorabilia cards that feature game-used items are also highly coveted. Modern baseball cards of star players like Mike Trout, Shohei Ohtani, and Fernando Tatis Jr. can be valuable, particularly if they are in excellent condition or graded highly by companies like PSA or Beckett. Cards featuring historic moments or achievements can also be of interest to collectors.