Apple’s app reviews are not outsourced, and the reviewers work on a surprisingly small team, one that lets very few bad apps slip through. In fact, the iPhone had been largely free of spam apps for five years when a single malevolent app made its way into the App Store this week.
Antivirus researchers at Kaspersky discovered an app named ‘Find and Call’ in the iPhone App Store and in the Google Play market which uploads a user’s contacts to a remote server and then goes on to send text messages and emails to all the phone numbers and email addresses listed in the phone.
The messages, which are written in Russian, advertise the app and include a link to a download site. The app does not inform users that it is uploading their contacts or sending out emails as the user.
Only Russian users seem to have been affected, but this could easily have spread before anyone caught it. After hearing about the malicious nature of the app, Apple wasted no time removing it from the App Store. Google, too, removed the app.
While Find and Call is not a serious threat to iPhone users, it could be indicative of what’s to come. So how did the app slip past Apple’s reviewers? As I mentioned before, Apple’s app reviewing is done in-house, and according to one former Apple employee, the department is understaffed.
Apple has already responded to the malicious app and has pulled it from the App Store. “The Find & Call app has been removed from the App Store due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines,” an Apple representative told The Loop.
This won’t be the last time we see a malicious app work its way into the App Store. Fortunately, ‘Find and Call’ was not written to target iPad users (did the devs think the market was just too small? Or were the email addresses not worth it?), but future threats certainly could be universal. Without an ability to call out or send SMS messages, our iPads are a bit safer, but it will still pay off to be vigilant and stay away from any shady apps.
And of course, now that one bad app has gotten through, Apple will ratchet up its security policies to prevent it from happening again. If you happened to download Find and Call, make sure to delete it from your iDevice and from iTunes immediately.