Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
IOS China Software Apple Your Rights Online

Pirated App Store Client For iOS Found On Apple's App Store (helpnetsecurity.com) 55

Posted by timothy from the infinite-recursion dept.
An anonymous reader writes: An app called "Happy Daily English", which has been offered for download via Apple's official App Store, has been revealed to be a fully functional third party App Store client for iOS, offering users in mainland China a way to install modified versions of iOS apps on non-jailbroken devices. Its discovery shows that there are new techniques that can be used to fool Apple reviewers into allowing potentially malicious apps into the App Store, that enterprise certificates can be easily abused, and that there are ways for bypassing Apple's prohibition of apps dynamically loading new code.
This discussion has been archived. No new comments can be posted.

Pirated App Store Client For iOS Found On Apple's App Store More

Pirated App Store Client For iOS Found On Apple's App Store

Comments Filter:

  • Easy removal? (Score:4, Insightful)

    by mwvdlee ( 775178 ) on Monday February 22, 2016 @09:32AM (#51557901) Homepage

    I'm assuming Apple's walled garden approach makes it so much easier to remove this app and any apps, virusses and trojans potentially installed by it.

    • Re:Easy removal? (Score:5, Informative)

      by AmiMoJo ( 196126 ) on Monday February 22, 2016 @09:52AM (#51558047) Homepage Journal

      Not at all, Android can do the same and doesn't need the walled garden to do it. Play Services on Android will scan even sideloaded apps, and can remove apps that are found to be malicious no matter where they come from.

      • Re: (Score:1)

        by Anonymous Coward

        Well Android is likly going to have a harder time preventing it from being resubmitted and showing up again.

        Apple can deny any app that looks superficially similar to this one if they want to.

      • Re: (Score:3)

        by rsborg ( 111459 )

        Not at all, Android can do the same and doesn't need the walled garden to do it. Play Services on Android will scan even sideloaded apps, and can remove apps that are found to be malicious no matter where they come from.

        And theoretically, the Police may be able to arrive on-scene before the criminals depart... but that only seems to be feasible in environments where crime isn't rampant. Let's face it, the walled-garden approach does result in better overall security for users (at a price), not unlike gated communities.

  • Law Enforcement Implications (Score:5, Funny)

    by dlleigh ( 313922 ) on Monday February 22, 2016 @09:34AM (#51557911)

    So the FBI doesn't need Apple to help them get the information on the San Bernadino shooter's phone after all. They can just ask the Chinese.

  • The first clue was that is was called "Happy Daily English" instead of the proper "Happy Daily Engrish"

    • Re:I knew something was suspicious about that app (Score:4, Informative)

      by AmiMoJo ( 196126 ) on Monday February 22, 2016 @09:58AM (#51558089) Homepage Journal

      This is a really weird myth. The Chinese can say the L sound perfectly, it's actually the R sound that they have some slight issues with. Koreans too, which makes that puppet film all the more bizarre.

      The Japanese have some issues with the L sound, which I guess must be the origin of the myth. Japanese, Chinese, Korean, all the same, right?

      • Japanese, Chinese, Korean, all the same, right?

        Exactly! Just like people from France and Québec are the same, and people from the UK, the U.S.A. and Australia are the same.

        • Re: (Score:2)

          by Falos ( 2905315 )
          Nah mate, we ain't grokkin that, not in my house, y'feel me? Peace.

          https://xkcd.com/771/ [xkcd.com]

      • Re: (Score:1)

        by Anonymous Coward

        The Japanese have some issues with the L sound, which I guess must be the origin of the myth.

        The problem is R is pronounced very differently depending on where you are as well as which word it's used in. Japanese has 5 characters with the sounds ra, ri, ru, re, ro (unicode missing, look up hiragana on wikipedia if you like). Here is the twist: it's a very weak R, much like the Icelandic R and to some degree much like R sounds like in many European languages. However when Americans read the letter R, they pronounce it very strongly, which makes it sound really weird in Japanese.

        The result is that th

        • Re: (Score:2)

          by _merlin ( 160982 )

          You can't spell an imported word the same way it's spelled in the original language if your alphabets don't line up.

        • Re: (Score:2)

          by jrumney ( 197329 )

          Japanese has 5 characters with the sounds ra, ri, ru, re, ro (unicode missing, look up hiragana on wikipedia if you like). Here is the twist: it's a very weak R

          I'm not sure what you mean here by weak, but it is a rolled r, something between the English R and L sounds, exactly where between those sounds is dependant on dialect. The key thing though, is that they do not have two different sounds for R and L, so when they pronounce an English word with their in-between Japanese R, it can easily sound like the

    • You are a racist fuck.

  • There were warning signs... (Score:3)

    by Harold Halloway ( 1047486 ) on Monday February 22, 2016 @09:49AM (#51558031)

    The occurrence of the words 'happy' and 'English' in the same sentence should have started alarm bells sounding.

    • Re: (Score:3)

      by AmiMoJo ( 196126 )

      Maybe it's just the English version of Happy Daily. There are lots of alternative app stores for iOS in China. They allow you to browse apps through their own interface and often have tie ins with social networks and let you earn virtual currency for using them. When you actually go to install an app it takes you directly to the right screen in the Apple app store.

      I saw a Chinese friend setting up a new iPad a few years back, She installed some third party app store, logged in to here QQ account and could s

  • Times change (Score:2, Insightful)

    by SmaryJerry ( 2759091 )
    The biggest reason macs had "no viruses" were that they also had no users so it wasn't worth it for a hacker. Now that Apple products are mainstream, all that changed.
    • That and MacOS X being standard UNIX, so it has proper security in place. Last time Windows had anything even remotely resembling, people shunned Vista and painted it as the worst OS ever.
  • If one can load apps on a nominally un-jail-broken apple, how about one to load (and remove) apps from an android? My phone is full of crapware. amd I want a wifi tracking app that wants a jailbroken phone (:-))

    • If one can load apps on a nominally un-jail-broken apple, how about one to load (and remove) apps from an android? My phone is full of crapware. amd I want a wifi tracking app that wants a jailbroken phone (:-))

      Android on a Motorola? Google will help you (not the search) but the company. Only requirement is google apps must be installed, but a hosts file will cover that.

  • or.... (Score:3)

    by JustNiz ( 692889 ) on Monday February 22, 2016 @11:27AM (#51559035)

    the Apple store guardians actually saw through it straight away but decided to let it through anyway since it actually promotes free speech/Apple's own agenda and because its a 3rd party app, it gives them plausible deniability.

  • I was under the impression that apple QA was 1) Does it do something we do? and 2) Is it pretty enough?. Arguably the first clause should've got this one but if its disguised a bit or in Chinese then no wonder it got past them.

Slashdot Top Deals

You know you've landed gear-up when it takes full power to taxi.

Close