A surveillance app that was originally designed for Android devices has branched out, making its way to iPhones.
According to a new report from TechCrunch, based on a discovery made by mobile security firm Lookout, a surveillance app originally built for Android now has an iOS version. The developer behind the app has bypassed the App Store’s strict policies by taking advantage of Apple’s enterprise certificate program.
The app is capable of listening in on phone calls and tracking the iPhone user’s location in real time.
“The disguised carrier assistance app once installed can silently grab a victim’s contacts, audio recordings, photos, videos and other device information — including their real-time location data. It can be remotely triggered to listen in on people’s conversations, the researchers found. Although there was no data to show who might have been targeted, the researchers noted that the malicious app was served from fake sites purporting to be cell carriers in Italy and Turkmenistan.”
It’s worth noting here that signing an app with an enterprise certificate does not make it available in the App Store. The app and its capabilities would still be reviewed there and (probably) blocked. So the developer had to use the web to get people to install the app through Safari, bypassing the App Store and its restrictions. Utilizing the enterprise certificate basically means there’s no oversight on what the app can do once it’s installed on an iPhone.
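For defenders triaging an app package that arrived outside the App Store, the provisioning profile embedded in the IPA shows how it was signed for distribution: enterprise (in-house) profiles carry the `ProvisionsAllDevices` key, while development and ad hoc profiles list specific devices under `ProvisionedDevices`. The following is an added example, not code from TechCrunch or Lookout; the function names and the sample IPA are constructed for illustration, and the check reads the profile without verifying its signature.

```python
import io
import plistlib
import zipfile

PROFILE = "embedded.mobileprovision"

def read_profile(ipa_bytes):
    """Return the provisioning profile inside an IPA as a dict, or None."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = name.split("/")
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app") and parts[2] == PROFILE):
                blob = ipa.read(name)
                # The profile is a signed container; the plist XML sits inside in the clear.
                start = blob.find(b"<?xml")
                end = blob.find(b"</plist>", max(start, 0))
                if start < 0 or end < 0:
                    return None
                return plistlib.loads(blob[start:end + len(b"</plist>")])
    return None

def triage(ipa_bytes):
    """Classify how an IPA is provisioned. Does not verify any signature."""
    profile = read_profile(ipa_bytes)
    if profile is None:
        return {"kind": "no-profile"}
    if profile.get("ProvisionsAllDevices") is True:
        kind = "enterprise"       # in-house profile: not tied to a device list
    elif "ProvisionedDevices" in profile:
        kind = "device-list"      # development / ad hoc: listed devices only
    else:
        kind = "other"
    return {"kind": kind, "team": profile.get("TeamName"),
            "profile_name": profile.get("Name")}

def make_sample_ipa(profile_dict):
    """Build a constructed IPA in memory (sample data, not a real app)."""
    wrapped = b"CONSTRUCTED-HEADER" + plistlib.dumps(profile_dict) + b"CONSTRUCTED-SIG"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Info.plist", b"")
        z.writestr("Payload/Sample.app/" + PROFILE, wrapped)
    return buf.getvalue()

if __name__ == "__main__":
    sample = make_sample_ipa({"Name": "Constructed In-House Profile",
                              "TeamName": "Example Corp (constructed)",
                              "ProvisionsAllDevices": True})
    print(triage(sample))
```

An "enterprise" result on an app that did not come from the organization's own distribution channel is the case worth escalating; the reported team name shows which enterprise account the profile was issued to.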
If this enterprise certificate business sounds familiar, it’s because major companies, including Facebook and Google, were abusing the program recently. More than that, a variety of other apps have been discovered abusing the program.
Our Take
Apple revoked the enterprise certificates of apps that were abusing the program earlier this year, and it stands to reason the company wants to crack down on enterprise certificates in a big way now that it’s been discovered how many people out there are abusing the program in one way or another.
[via TechCrunch]