Notifications
Clear all

Pirated iOS App

2 Posts
2 Users
0 Likes
357 Views
(@trewmte)
Posts: 1877
Noble Member
Topic starter
 

Maybe more of this goes on than is detected or confirmed. This is an early 2016 incident but could it account for an event happening with a smartphone that the owner-user did not initiate or intend to occur?

Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review

http//researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/

 
Posted : 07/02/2017 3:54 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Very important aspect you put into spotlight. By analysing the involved players you get M Manufacturer of HW Hardware, DS Developer of SW, AD App Developer and the U User.

By almost only two global platforms iOS and Android, iOS is in the better place as the chain of risk is shorter by 1. So lets start by your friend tells you about a 'new' game e.g. DragonSoul. Lets assume you are extremely suspicious as forensics expert. So you have to first invest in googleing background information about the DS for the app. In the respective App Store you probably will find developer's name or the company. Ok, you find out that DragonSoul belongs to

© 2017 Fantasy Legend Studios, Inc. All rights reserved. derived from here
http//dragonsoulgame.com/

Lets look into the iOS App Store credentials

Entwickler TOPGAME GLOBAL LIMITED
https://itunes.apple.com/de/app/dragon-soul/id538339878?mt=8

Total Error. The respective iOS App Store credentials look like this

© Fantasy Legend Studios, Inc.
https://itunes.apple.com/us/app/dragonsoul-rpg/id1020327340

Ok, lets stop here. The simple difference is -rpg and dragon-soul or dragonsoul.

No need to further play this approach. There is no chance by considering a normal amount of time and willingness to super carefully double-check every app one installs.

As the U trusts the - ….? To whom??? He blindly trusts the App Store and expects that Apple or Google will care about the rest.

Its already today cracy how much time it needs to most securely operate digitally by not saving passwords for logins, to not save credit cards in webstores and now we have to make a background check about the company of an app?

How should I find out that - when I work proper and land at Fantasy Legend Studios - that this company does not evil to me?

Only one principle helps. Only install apps you REALLY, REALLY, REALLY NEED and second delete all stuff you don't need anymore. Then maybe you get rid of an app which was evil but you did cut the line after days, months or years or not at all.

trewmte is right. More evil here since we don't know and more to come.

DO NOT INSTALL ANY APP which is not native, means do not install any app.

To answer trewmte's question. Its absolutely possible that events on smartphones by not-by-user-installed-apps can do evil.

How to solve this (self-defense). Log on paper date, time and location you installed an app. Hm…? Is there a chance so see the 'last time installed an app by date, time and location? Google Play Store and App Store do not show this information, right? Will come for sure.

Thank you trewmte.

 
Posted : 07/02/2017 10:45 pm
Share: