I just did.

Automated scans for known malware: To help prevent it from ever making it onto the App Store and thus ever reaching or harming users.

Do you know the meaning of the word "ever"?

Yeah yeah, I know, Apple also says "known." Doesn't change the fact that Apple claims their App Store is safe.

I'd also like to point out that this malware is not unknown. It's been known about for many months

While this is not the first time Android malware with OCR capabilities has been detected in the wild, it's one of the first instances where such a stealer has been found in Apple's App Store. The infected apps in Google Play are said to have been downloaded over 242,000 times.

The campaign is assessed to have been active since March 2024...


if not years...

Please provide a link rather than a quote. The link you provided uses the word limited. Nobody, even Apple ever says ever, except if you are referring to gravity at sea level.

Your text in blue is not a citation. I’m going to assume Apple never said that or said it so long ago it’s meaningless today.
 
Obviously given this story Apple's scans are not comprehensive enough. I don't expect Apple to have precognition. I do expect due diligence in screening apps for the app store. Again, I think the best way of doing that would have been for the EU and other governments to make Apple back up its claims with a guarantee.
Which is it? They aren’t comprehensive or they can’t predict the future?
 
Removing apps that have malware in them but got through the checking process is all well and good, but it goes nowhere in helping those who are affected by the malware because Apple has not disclosed what apps were affected. Users need to remove the apps from their iPhone, but how do they know what apps to delete if Apple does not disclose what apps had the malware code in them?
 
Please provide a link rather than a quote. The link you provided uses the word limited. Nobody, even Apple ever says ever, except if you are referring to gravity at sea level.

Your text in blue is not a citation. I’m going to assume Apple never said that or said it so long ago it’s meaningless today.
OMG! I provided a link in post #47 that you replied to.

But since you didn't see it the first time...

https://support.apple.com/guide/security/about-app-store-security-secb8f887a15/web


Here's a screenshot where the word "ever" is used by Apple. I even underlined "ever" for you.


apple.png
 
Apple doesn't say 100%. Apple does say their security protections are designed to prevent malware "from ever making it onto the App Store and thus ever reaching or harming users."

How is that not the same as saying the App Store is 100% safe?


App Store security protections include:
  • Automated scans for known malware: To help prevent it from ever making it onto the App Store and thus ever reaching or harming users.


This story about multiple malware infested apps on Apple's App Store shows that malware can and does reach and harm users.
Thanks for the reference.
A few things I would say about that quote:

The major thing to note is it says it prevents known malware… So that suggests unknown (to Apple) malware could get by.

But even for known malware, this statement doesn’t read as a guarantee to me because of the word “help”. “To help prevent” is not “to prevent”. It contributes toward the goal but doesn’t necessarily achieve it.

The word “ever” is really just an emphasis word, but doesn’t change the fundamental meaning of the statement like the word “help” does. It’s not misleading either. The malware that is automatically detected indeed doesn’t ever make it into the App Store or onto users’ devices. But one could remove that word “ever” and the statement meaning doesn’t really change: “Detected malware doesn’t make it into the App Store”. It still reads as a definitive statement.

But either way, again it’s only talking about known malware. As far as I know, Apple never said they’d keep out all malware. That would be impossible in all practicality.
 
I just did.

Automated scans for known malware: To help prevent it from ever making it onto the App Store and thus ever reaching or harming users.

Do you know the meaning of the word "ever"?

Yeah yeah, I know, Apple also says "known." Doesn't change the fact that Apple claims their App Store is safe.

I'd also like to point out that this malware is not unknown. It's been known about for many months

While this is not the first time Android malware with OCR capabilities has been detected in the wild, it's one of the first instances where such a stealer has been found in Apple's App Store. The infected apps in Google Play are said to have been downloaded over 242,000 times.

The campaign is assessed to have been active since March 2024...


if not years...

Did you see the word “help” in there? Do you know in this context what it means? Help is a disqualification for an absolutism “of ever reaching the App Store”. Apple hedged their bets because they cannot predict the future.

And Apple’s App Store is safe just like flying is safe. One bad app or one plane crash doesn’t change that fact.

Your own link contradicts your narrative.
 
Thanks for the reference.
A few things I would say about that quote:

The major thing to note is it says it prevents known malware… So that suggests unknown (to Apple) malware could get by.
As I noted in post #49, this malware has been known for many months, if not years.

If it wasn't known to Apple after all that time, then Apple needs to do a better job staying up-to-date on the latest cybersecurity news.

Ignorance is no excuse.
 
Which is it? They aren’t comprehensive or they can’t predict the future?
Apple can be negligent about scanning apps for features of known malware and not have ESP about features of unknown malware. These two are not mutually exclusive. I just want them to do their best ... and some guarantee that they have done so.
 
The competition is from real competitors. Not companies taking a slice of Apple’s business.
“Real competition” on the platform (as @turbineseaplane said) means companies taking a slice of Apple’s market share.

When your market share for iOS applications is 100% (a monopoly) today, there’s no other way for “real competition” to emerge on the platform.

May not be in the next hour, day or month, but criminals will find a way to exploit these app stores and sideloading.
…just as they do with enterprise certificates?

Which Apple was happy to dish out for money - for apps that they do not even review.
 
“Real competition” on the platform (as @turbineseaplane said) means companies taking a slice of Apple’s market share.
Which is not what real competition is. In the world of playing Robin Hood, the DMA excels, but those taking a free slice of Apple’s pie are not competitors. They are leeches who are essentially stealing Apple’s IP.
When your market share for iOS applications is 100% (a monopoly) today, there’s no other way for “real competition” to emerge on the platform.
People throw the word monopoly around as if it’s a legal opinion, which is to say an illegal monopoly. Apple is entitled to control its own IP even if some don’t like it.

If you want competition build your own platform.
…just as they do with enterprise certificates?
Yep. Anything and everything can be exploited. Here the EU gave the criminals the key to the hen house.
Which Apple was happy to dish out for money - for apps that they do not even review.
Not the point.
 
Apple's claim that they carefully review all apps before approving them and that their App Store is 100% safe is an illusion.

No way Apple has enough resources to review all apps. The amount of employees and time needed to do this is ridiculously high.

Apple has never claimed that Apps downloaded from their store are 100% safe. That straw man's pants are on fire.
 
word monopoly around as if it’s a legal opinion, which is to say an illegal monopoly.
Monopolies certainly aren’t all illegal or per se illegal.

Here the EU gave the criminals the key to the hen house.
You’re ignoring the fact that developers - after having been vetted and gone past the alternative store operator - still have to have their apps reviewed by Apple. They require the same access “key” as any other developer.

If you want competition build your own platform.
Nobody has any interest in Spotify, Netflix, Match.com, Epic etc. all building their own individual competing platforms.

Also, none of them has a chance to succeed, without the massive ecosystems of third-party apps that back Apple and Google.

Apple and Google successfully duopolised the mobile operating system market by giving away their services and resources for free (to most).
 
Did they claim they’re the only ones capable? It’s very possible, I just don’t recall it. Do you have a link? I’d like to know the specifics of that quote, particularly if there is any relevant context. Because if that claim is as broad as it sounds, it can be debunked with an obvious simple theoretical example—if there is an alternative app store that only allows 10 apps. The reviewers could scrutinize the apps for any malicious behavior extremely thoroughly. The only problem with that is it’s a useless example, because we would have to trust their review system but if they only have a 10-app app store, we will never hear of their store.

Also what thorough debunking are you referring to? Theoretical debunking like mine or actual examples? Keep in mind, if you are referring to examples of malicious apps getting into the App Store, that doesn’t prove that other stewards are more capable, it only proves Apple is not perfectly capable, which as far as I know they have never claimed.
I admit I was being a bit general, but Apple's position was usually that they did not want to allow other stores, other payment systems, or sideloading because it would undermine security and reliability, these were usually their arguments during the various public court cases as well as the EU discussions.

Apple has been doing this for 15 years. They cite every reason other than profit, that they don't want to open up the platform, and that the world would end if they did (joke). It's ultimately about the profits.
 
How does Kaspersky find this and not Apple?

If Apple did find it they would have dealt with it privately and it would never have been news.

Tech corporations sometimes leak such malware to security companies who then put out the news. By doing this the news about the malware becomes publicly known without the tech company needing to announce it themselves.

If Apple had announced this instead of Kaspersky we would have seen some EU nuts and sideloading stans say that Apple is lying just to defend their security model.

So now you know why it is better for outsiders to announce discoveries.

if the same code was rejected or removed before how did these apps get approved?

Since the very first iOS apps developers have been trying to sneak malicious code in. It’s a massive volume. Steve Jobs openly called those devs SOBs for saying their app does one thing when it does something else.
 
Monopolies certainly aren’t all illegal or per se illegal.
The word monopoly is thrown around so frequently it’s a meme at this point; without any real meaning.
You’re ignoring the fact that developers - after having been vetted and gone past the alternative store operator - still have to have their apps reviewed by Apple. They require the same access “key” as any other developer.
Criminals are enterprising and will find a way to enter a “safe” environment and wreak havoc.
Nobody has any interest in Spotify, Netflix, Match.com, Epic etc. all building their own individual competing platforms.
The EU clearly does; so “nobody” is factually incorrect.
Also, none of them has a chance to succeed, without the massive ecosystems of third-party apps that back Apple and Google.
There are massive barriers to entry to many industries. Yet governments don’t go demanding competitors gain free and unfettered access to intellectual property.
Apple and Google successfully duopolised the mobile operating system market by giving away their services and resources for free (to most).
Factually incorrect. There are more than 2 operating systems and more than 2 app stores.
 
Apple has never claimed that Apps downloaded from their store are 100% safe. That straw man's pants are on fire.
I already went over this with another person. See post #47

Does Apple say in those exact words that apps from their App Store are 100% safe? No.

Apple does say they have security protections in place designed to "prevent it [malware] from ever making it onto the App Store and thus ever reaching or harming users" which is basically the same thing.
 
I already went over this with another person. See post #47

Does Apple say in those exact words that apps from their App Store are 100% safe? No.

Apple does say they have security protections in place designed to "prevent it [malware] from ever making it onto the App Store and thus ever reaching or harming users" which is basically the same thing.
As I noted in this post, https://forums.macrumors.com/thread...-screen-reading-malware.2448910/post-33721289 Apple uses the word “help”.

The word “help” is not an absolute.
 