Posted by: David Harley | February 22, 2016

ZergHelper: Evading the iOS Code Review

Here’s a fascinating article by Claud Xiao for Palo Alto: Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review.

Palo Alto classifies the app as riskware because ‘We had not identified any malicious functionality in this app’, but it does pose a number of security risks, which are listed in the article. Claud explains:

ZergHelper appears to have gotten by Apple’s app review process by performing different behaviors for users from different physical locations on earth. For users outside of China, it would act as what it claimed: an English studying app. However, when accessing the app from China, its real features would appear.

The app was available on the App Store from October 30th 2015 until 19th February 2016, when Apple withdrew it after Palo Alto shared its findings with them.

David Harley
