Posted by: David Harley | February 22, 2016

ZergHelper: Evading the iOS Code Review

Here’s a fascinating article by Claud Xiao for Palo Alto: Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review.

Palo Alto classifies it as riskware because ‘We had not identified any malicious functionality in this app’, but it does pose a number of security risks, which are listed in the article. Claud explains:

ZergHelper appears to have gotten by Apple’s app review process by performing different behaviors for users from different physical locations on earth. For users outside of China, it would act as what it claimed: an English studying app. However, when accessing the app from China, its real features would appear.

The app was available on the App Store from October 30th 2015 until 19th February 2016, when Apple withdrew it after Palo Alto shared its findings with them.

David Harley
