A team at Georgia Tech University managed to successfully sneak in a malware app past Apple’s certification. The team said that the app was approved and published back in March, but was only live for a short while and was not downloaded by anyone.
The app was disguised as a news aggregator for the university, but contained fragments of malicious code that could later be assembled to produce the actual malware. The app could then steal personal information and device ID numbers from iOS devices, as well as attack other installed apps.
The team revealed that their app was probably scanned for a few seconds by Apple’s team before it was approved and published, The team was then able to download the app onto their own Apple devices and monitor it before pulling it from the App store themselves. Apple announced on Friday that it has made a few changes to its app review process as a result of this, but declined to comment further.
(via MIT Tech Review)