Apple Cracks Down On Subscription Scam Apps


Seven scamware apps found in Google Play and Apple's App Store corralled more than half a million dollars for their developers, a digital security company reported Tuesday.

Avast discovered the malicious apps after a 12-year-old girl, taking part in the company's 'Be Safe Online' project in the Czech Republic, where Avast is based, flagged a suspicious app promoted on a TikTok profile.

The adware apps have been downloaded more than 2.4 million times and have earned their developers more than US$500,000, Avast revealed in a company blog.

Many of the apps are being promoted on TikTok on at least three profiles, one of which has more than 300,000 followers, Avast noted. An Instagram profile with more than 5,000 followers was also found promoting one of the apps.

Avast explained that the programs pose as entertainment apps and either aggressively display ads or charge between $2 and $10 for the software.

Some of the programs, it added, are HiddenAds trojans, which disguise themselves as safe apps, but serve ads outside the app.

'The apps we discovered are scams and violate both Google's and Apple's app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed,' stated Jakub Vávra, a threat analyst at Avast.

'It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them,' he added.

Difficult to Detect

HiddenAds trojans can be particularly pernicious because they will continue to serve ads even after the app that installed them is removed.

'The behavior of installing the adware separately through the original application is why it's classified as a Trojan rather than simply adware,' explained Jonathan Tanner, a senior security researcher with Barracuda Networks.

'The original app tricks the user into infecting their device with the actual adware rather than simply acting as the adware,' he told TechNewsWorld.

Since the app side-loads its adware rather than serving the ads itself, the bad app should be easier to detect, but it lowers its profile by limiting itself to functions that legitimate programs also use.

'This would normally be a good means of detecting malware,' Tanner said. 'Malware often requires more control over the phone than available to developers, often requiring rooting the phone which can be detected more easily.'

Adware, in general, can be difficult to detect because advertising is common within apps. 'Adware takes these ads too far, by either being too invasive to the point of draining computing resources and bandwidth or utilizing less reputable ad networks that may distribute malware,' Tanner explained.

'Detecting invasive ads versus a simple banner would require profiling the behavior of the app or reverse engineering its code, both of which can be difficult and time consuming to do at scale,' he said.

'Detecting malicious ad networks requires tracking which ad networks are legitimate and which are not, which again is not a trivial task,' he continued. 'As with the apps themselves, ad networks can suddenly shift from safe to malicious if the wrong advertiser signs up and has too much freedom as to what content is allowed.'

Cowed by Influencers

It can be difficult for an app store to flag programs that charge money for little or trivial functionality, as long as they live up to their claims, however paltry those claims may be.

'For example, the surge of flashlight apps during the early days of the App Store's existence were largely legitimate, if questionable value for the money,' said Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company, in Scottsdale, Ariz.

'The Apple and Google stores have since attempted to crack down on apps that only perform trivial functions,' he told TechNewsWorld, 'however the definition of what constitutes a trivial function can be murky for reviewers to determine.'

Inexperienced users can also make the job of shady apps easier. 'Mobile devices are a 'black box' for most users, and they have little visibility into what's happening deeper in the device,' said Saryu Nayyar, CEO of Gurucul, a threat intelligence company, in El Segundo, Calif.

'There are a number of techniques mobile application developers can use to hide from a casual user,' she told TechNewsWorld.

Users on networks like TikTok can also be too easily swayed by social media personalities. 'Many social media influencers will take money to promote products or apps without doing any research into their legitimacy,' Clements maintained.

'The influencer ecosystem is ultra-competitive and promotions from even those with large audiences can be bought for next to nothing,' he added.

Leveraging Social Situations

Using TikTok profiles for promoting scam apps is only the latest vector of abusing popular channels to capture profit from unsuspecting supporters, noted Ben Pick, a senior application security consultant at nVisium, a Falls Church, Va.-based application security provider.

'The best method to not be susceptible is to verify the app being downloaded and not click a link directly from a user's profile,' he told TechNewsWorld.

'Check for excessive permissions and numerous bad reviews to prevent downloading similar scam or outright malicious apps,' he added.
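The red flags described in this article (an app that installs a second package, serves ads outside its own window, hides its icon soon after install, or asks for permissions a wallpaper-style app has no use for) can be partly checked statically on Android from the APK's manifest. The following is an added example, not code from Avast, Barracuda, nVisium or the original article. The two manifests are constructed for the demonstration, and the suspicious-permission list and the entertainment-app baseline are heuristic assumptions of mine, not a published ruleset.

```python
"""Static triage of an Android manifest for the red flags discussed in the article.

Added example, not code from Avast or the article. SAMPLE_* manifests are
constructed for this demonstration; SUSPICIOUS_PERMISSIONS and
ENTERTAINMENT_BASELINE are heuristic assumptions, not a published ruleset.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _a(attr):
    """Return the namespaced form of an android:attr attribute name."""
    return f"{{{ANDROID_NS}}}{attr}"


# Permissions that enable the behaviours the article describes (assumed mapping):
# installing a second APK, drawing over other apps, starting at boot.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.REQUEST_INSTALL_PACKAGES":
        "can install another APK (side-loading a payload)",
    "android.permission.SYSTEM_ALERT_WINDOW":
        "can draw over other apps (ads outside the app)",
    "android.permission.RECEIVE_BOOT_COMPLETED":
        "runs at boot without the user opening it",
}

# What a simple wallpaper/meme/entertainment app plausibly needs (assumed baseline).
ENTERTAINMENT_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
}


def _is_launcher(component):
    """True if the activity or activity-alias has a MAIN + LAUNCHER intent filter."""
    for flt in component.iter("intent-filter"):
        actions = {a.get(_a("name")) for a in flt.iter("action")}
        categories = {c.get(_a("name")) for c in flt.iter("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in categories):
            return True
    return False


def analyze_manifest(xml_text):
    """Return a list of human-readable findings; an empty list means no red flags."""
    root = ET.fromstring(xml_text)
    findings = []

    requested = {p.get(_a("name")) for p in root.iter("uses-permission")}
    for perm in sorted(requested & set(SUSPICIOUS_PERMISSIONS)):
        findings.append(f"permission {perm}: {SUSPICIOUS_PERMISSIONS[perm]}")
    for perm in sorted(requested - ENTERTAINMENT_BASELINE - set(SUSPICIOUS_PERMISSIONS)):
        findings.append(f"permission {perm}: excessive for a simple entertainment app")

    # Icon hiding: a launcher declared disabled, or no launcher at all, leaves
    # nothing in the app drawer for the user to find and uninstall.
    components = list(root.iter("activity")) + list(root.iter("activity-alias"))
    launchers = [c for c in components if _is_launcher(c)]
    if not launchers:
        findings.append("no launcher activity declared: app has no icon to uninstall from")
    for c in launchers:
        if c.get(_a("enabled"), "true").lower() == "false":
            findings.append(f"launcher {c.get(_a('name'))}: declared disabled, icon hidden")
    return findings


# Constructed manifest imitating the behaviours Avast describes (not a real app).
SAMPLE_SUSPICIOUS = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Free Wallpapers">
    <activity android:name=".MainActivity" android:enabled="false">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

# Constructed manifest of a plain wallpaper app, for comparison.
SAMPLE_CLEAN = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.clean">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Wallpapers">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for name, manifest in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        results = analyze_manifest(manifest)
        print(f"{name}: {len(results)} finding(s)")
        for line in results:
            print("  -", line)
```

Two caveats. The manifest inside an APK is binary XML, so decode it first (apktool produces a readable AndroidManifest.xml). And the icon-hiding the article attributes to HiddenAds is typically done at runtime, by disabling the launcher component with PackageManager.setComponentEnabledSetting after the first launch, which leaves no trace in the manifest; this check only catches a launcher that is declared disabled or missing, so a clean result here rules out nothing on its own. There is no comparable manifest-permission check on iOS.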

Another factor influencing the downloading of these malicious adware apps may have been the imminent ban of TikTok by the Trump administration, which fizzled when the social app was able to cut a deal with Oracle and Walmart that satisfied Washington.

'We frequently see threat actors leverage social situations to their advantage,' observed Hank Schless, a senior manager for security solutions at Lookout, a San Francisco-based provider of mobile phishing solutions.

'In this case,' he told TechNewsWorld, 'they know people rushed to download TikTok ahead of the ban, and these new users look for influencers to follow when they sign up for the app.'

Pay Attention to Reviews

One of the simplest ways to avoid becoming a victim of adware scams is to read the reviews about an app. 'When loading apps, it's essential to read reviews and check the ratings,' James McQuiggan, a security awareness advocate at KnowBe4, told TechNewsWorld.

Pay particular attention to negative reviews, added Cerberus Sentinel's Clements. 'Scammers often use bots or pay for fake positive reviews,' he explained.

McQuiggan also advised that when there are prompts to install an app from an advertisement in a profile or on a website, it's vital to do some due diligence about the app to make sure it's not malicious.

Chloé Messdaghi, vice president of strategy at Point3 Security, a provider of training and analytic tools to the security industry in Baltimore, Md., agreed. She told TechNewsWorld, 'It's always better to do some research before allowing an app into the most personal digital space in your life -- your phone.'

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.

Apple Loses Copyright Claim Against Corellium

Apple Inc. has lost the copyright claim in its lawsuit against Corellium LLC, a company that has built a virtualized version of the iOS operating system for security testing purposes.

Corellium was co-founded in 2017 by husband and wife Chris Wade and Amanda Gorton. Its software quickly became popular because it enables security researchers to run a virtual iPhone environment on a desktop computer. That made it possible for people to test iOS security and find flaws and bugs without buying an iPhone or iPad.

But Apple wasn’t impressed. It sued Corellium last year alleging that the company had infringed on its copyright by replicating iOS.

A Florida judge threw out that claim today, saying Corellium had demonstrated that it operates under fair-use terms, The Washington Post reported.

“Weighing all the necessary factors, the Court finds that Corellium has met its burden of establishing fair use,” Judge Rodney Smith said in his decision Tuesday. “Thus, its use of iOS in connection with the Corellium Product is permissible.”

Apple’s lawsuit had alleged that Corellium illegally replicated the iOS operating system and its applications. “Corellium has simply copied everything: the code, the graphical user interface, the icons — all of it, in exacting detail,” Apple said in its complaint.

Corellium countered that its software, which creates replicas of the iOS, iTunes and other user interface elements of Apple’s software, is simply designed to make it easier for security researchers to find flaws. The company added that Apple was also using the lawsuit to try to crack down on “jailbreaking,” which refers to the removal of software restrictions on iOS. By jailbreaking an iPhone, users can install applications and extensions that are not authorized in the Apple App Store.

Judge Smith retorted that Apple’s claims that Corellium’s software could enable jailbreaking were “puzzling, if not disingenuous,” before throwing them out.

Analyst Rob Enderle told SiliconANGLE that Apple had been guilty of thinking that it couldn’t be beaten in a case like this. Now that it has been beaten, it has created a legal precedent that could lead to other companies creating similar products that help users migrate to competitive offerings, he said.

“Given that what Corellium was doing was potentially beneficial to Apple, it should have found a way to bless the effort which would have allowed the perception that it couldn’t be beaten to remain,” Enderle said. “As a result of Apple’s action, it has turned a non-problem into what could become a catastrophe. Using litigation as a weapon comes with risks that Apple is suddenly forced to remember. You’d think they would have learned this lesson after the Qualcomm loss, but apparently not.”

Apple also alleged that Corellium had violated the Digital Millennium Copyright Act's ban on circumventing copy protection measures. Further, Apple claimed that Corellium circumvented its authentication server and secure boot chain to create its software.

Corellium has claimed fair use as a defense against those charges too, but the judge said he did not find it compelling enough to dismiss them before a full trial.

Apple has not commented on the case.

Apple announced a major revamp of its bug bounty program last year with bigger payouts to researchers that find flaws. It has also created a program for vetted researchers that gives them access to iPhones that are essentially jailbroken.

Photo: JESHOOTS-com/Pixabay
