App Store Archives - CISO MAG | Cyber Security Magazine
Beyond Cyber Security
Feed last built: Thu, 13 May 2021 14:49:47 +0000 (en-US, updated hourly)

Why Apple Removed Millions of Apps from App Store?
https://staging-cisomagcom.kinsta.cloud/why-apple-removed-millions-of-apps-from-app-store/
Thu, 13 May 2021 15:30:39 +0000

The post Why Apple Removed Millions of Apps from App Store? appeared first on CISO MAG | Cyber Security Magazine.

Identifying and preventing fraudulent apps has become a growing challenge for companies globally. Apple recently disclosed that, in 2020, it prevented nearly 1 million vulnerable apps from entering its App Store. The iPhone maker also rejected over 215,000 apps for harvesting more user data than they needed. In addition, Apple’s combination of automated technology and human review protected customers from more than $1.5 billion in potentially fraudulent transactions last year.

“Threats have been present since the first day the App Store launched on iPhone, and they’ve increased in both scale and sophistication in the years since. Apple has likewise scaled its efforts to meet those threats, taking relentless steps forward to combat these risks to users and developers alike. It takes significant resources behind the scenes to ensure these threat actors can’t exploit users’ most sensitive information, from location to payment details,” Apple said.

Why Did Apple Reject So Many Apps?

  • Apple terminated more than 48,000 apps for containing hidden or undocumented features
  • Over 150,000 apps were rejected for being spam, copycats, or misleading users
  • 215,000 apps were stopped for privacy violations
  • In addition, Apple prevented 3 million stolen credit cards from making purchases and banned 1 million fraudulent accounts from transacting again.

Review Before Download

Apple claimed that App Store ratings and reviews help users know about the safety and security of the apps. Apple stated that it relies on a sophisticated system including machine learning, artificial intelligence, and human experts to moderate the ratings and reviews to help ensure accuracy and maintain trust.

The company has processed over 1 billion ratings and over 100 million reviews. In the last year, over 250 million ratings and reviews were removed for not meeting moderation standards. Recently, Apple also deployed new tools to verify rating and review account authenticity, to analyze written reviews for signs of fraud, and to ensure that content from deactivated accounts was removed.

“With online data breaches frustratingly common, these protections are an essential part of keeping users safe. But users may not realize that when their credit card information is breached or stolen from another source, fraudsters may turn to online marketplaces like the App Store to attempt to purchase digital goods and services that can be laundered or used for illicit purposes,” Apple added.

Fleeceware Apps Continue to Deceive Consumers; Scammers Earn $400 Mn
https://staging-cisomagcom.kinsta.cloud/fleeceware-apps-continue-to-deceit-consumers-scammers-earn-s400-mn/
Thu, 01 Apr 2021 09:10:10 +0000

Cybersecurity experts discovered hundreds of fleeceware mobile applications on the Apple Store and Google Play Store tricking thousands of unwitting users into paying unnecessary subscription fees. Security researchers from Avast found over 204 fleeceware apps with nearly a billion downloads. Threat actors reportedly earned around $400 million by spreading fleeceware apps on different app markets.

Avast’s Findings

  • Nearly 134 apps were spotted on the iOS platform, which had 500 million downloads with projected revenues of $365 million.
  • Around 70 fleeceware apps have been identified with 500 million downloads with projected revenues of $38.5 million on Google Play Store.
  • Most fleeceware apps are circulated as astrology, horoscopes, musical instrument apps, QR code/PDF document scanners, cartoon creation, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, video clip editing apps, and slime simulators.
  • Users are charged as much as $66 per week, totaling $3,432 per year. Most of the discovered applications range from $4 to $12 per week, which equates to $208 to $624 per year.

“With nearly a billion downloads and hundreds of millions of dollars in revenue, this model is attracting more developers and there is evidence to suggest several popular existing apps have updated to include the free trial subscription with high recurring fees. Unfortunately, this endeavor can be lucrative even if a small percentage of users fall victim to fleeceware,” Avast said.

What Are Fleeceware Apps?

“Fleeceware” is a term introduced by SophosLabs in September 2019. The name comes from its defining characteristic: overcharging users for functionality that is widely available in free or low-cost apps. Although these apps do not harm the victims’ devices or data, they lure users into a free trial and then overcharge them through recurring subscriptions.

How Fleeceware Apps Work

Typically, fleeceware apps target individuals who are not familiar with subscriptions on mobile devices. The apps charge them even after they’ve deleted the apps from the device.

  • Fleeceware apps lure consumers with a promise of a free three-day trial.
  • The apps attach a subscription fee that commences at the end of the trial.
  • Once the trial is over, the user is charged a recurring high subscription fee, which eventually goes to malicious app developers.

These apps continue to take advantage of consumers and charge their saved cards even after the offending apps have been deleted. It is also believed that these malicious apps gain popularity by advertising on social media platforms such as Facebook, Instagram, and TikTok.

“Uninstalling the application doesn’t cancel the subscription — as a result, the user is likely to be charged further until they cancel the subscription within their device’s app market settings. There’s also the possibility that users forget to cancel the free trial, resulting in inexpensive fees. Either way, these scams make use of deceptive behavior that relies on the user not being informed about how subscriptions work and draw them into the scheme through a free trial,” Avast added.

Fleeceware App Prevention

Avast researchers recommended certain security measures to stay cautious about fleeceware apps. These include:

  • Be careful with free trials of less than a week
  • Read the fine print
  • Be skeptical of viral advertisements
  • Shop around
  • Secure your payments
  • Discuss the dangers of fleeceware with your family

What to do if you fall victim to fleeceware apps?

On iOS

  • Open Settings
  • Tap your name
  • Select Subscriptions
  • Select the subscription you want to end
  • Tap Cancel Subscription

On Android

  • Open the Google Play Store
  • Check that you are signed in with the correct Google account
  • Select the three-line menu in the upper right corner
  • Select the subscription you want to cancel
  • Tap Cancel Subscription

Why Apple Dropped macOS Big Sur Feature ‘ContentFilterExclusionList’
https://staging-cisomagcom.kinsta.cloud/why-apple-dropped-macos-big-sur-feature-contentfilterexclusionlist/
Tue, 19 Jan 2021 09:46:21 +0000

Apple has dropped a controversial feature from its macOS Big Sur 11.2 beta 2 that allowed 53 of its applications to evade security scans, third-party firewalls, and VPNs. The feature, dubbed ContentFilterExclusionList, allowed popular apps like App Store, iCloud, FaceTime, Music app, and Maps to bypass the security protocols, which could be exploited by cybercriminals.

The Controversial Feature

In the latest versions of macOS, Apple deprecated third-party Kernel Extensions, including the Network Kernel Extensions (NKEs), which are used to comprehensively monitor and filter the network traffic. Apple launched the user-mode Network Extension Framework to support such products on modern versions of macOS (10.15+). However, it exempted more than 50 of its applications from being routed through the Network Extension Framework.

What Researchers Say…

The issue came to light in October 2020, after several security experts and app developers reported that their security tools failed to monitor/filter the traffic of the apps listed under ContentFilterExclusionList.

According to security researcher Patrick Wardle, cybercriminals could write malicious code that abuses the legitimate Apple apps on the list to get its traffic past security tools and firewalls. He said, “Due to the ContentFilterExclusionList list, any traffic generated from these ‘excluded items’ could not be filtered or blocked by a socket filter firewall (such as LuLu).”

Users of macOS are also concerned about exposing their actual IP address and locations while using these apps.

Wardle Tweets…

“The ContentFilterExclusionList list has been removed (in macOS 11.2 beta 2). This means socket filter firewalls (such as LuLu) can now comprehensively monitor & block all network traffic. In Big Sur, Apple decided to exempt many of its apps from being routed thru the frameworks they now require third-party firewalls to use (LuLu, Little Snitch, etc.),” Wardle added.

Notarization Fail! Apple Inadvertently Approves Malware on Macs
https://staging-cisomagcom.kinsta.cloud/apple-notarization-process-malware/
Tue, 01 Sep 2020 15:00:27 +0000

Apple is known for its tight security measures to keep malicious software out of its app store. However, security researchers found that Apple’s macOS app notarization process inadvertently approved malware disguised as an Adobe Flash installer.

What is Notarization?

Apple introduced the notarization process to ensure that apps distributed for macOS are malware-free. In notarization, developers submit their apps to an automated scan that looks for malicious code and other security issues. If an app does not pass notarization, the built-in security function blocks it from running.

A Fail in Notarization

Mac security researcher Patrick Wardle discovered samples of the Shlayer adware that had been notarized by Apple. The Flash installer adware campaign, which carried malicious code, was not blocked by the built-in security function; if a user clicked on the installer, it would run and download its payload onto the device.

It is stated that the code could have been modified to evade whatever detection Apple had in place for this adware. Wardle’s discovery led Apple to revoke the notarized payload and disable the developer account, preventing the malware from running on further Mac computers.

Malware on App Store

Avast, a maker of digital security and privacy products, recently discovered three fleeceware apps on Apple’s App Store and reported them to Apple; the apps overcharge users and do not provide the services they advertise. The apps are listed on the App Store as Beetle VPN, Buckler VPN, and Hat VPN Pro, and according to data from Sensor Tower, a mobile app marketing intelligence company, they were downloaded over 420K, 271K, and 96K times, respectively, between April 2019 and May 2020. Fleeceware is characterized by overcharging users for functionality that is widely available in free or low-cost apps.

Aptoide Android App Admits Data Breach; Suspends Sign-Up Option Temporarily
https://staging-cisomagcom.kinsta.cloud/aptoide-android-app-admits-data-breach-suspends-sign-up-option-temporarily/
Tue, 21 Apr 2020 11:39:10 +0000

Aptoide, a third-party app store for Android applications, recently admitted that one of its databases may have been hit by a cyberattack and suffered a possible data breach. In an official statement, Aptoide said that login emails and hashed passwords were leaked in the attack; however, no personal data was compromised. “Aptoide users were never requested for physical addresses, credit card information, telephone numbers, or other personal data,” Aptoide said in a statement.

Aptoide assured that all its user passwords were encrypted. The company is evaluating the attack and has halted the sign-up option temporarily until a full audit is conducted. Aptoide also urged its users to change their credentials as a security measure.

Leaked Data Published on Hacker Forum

The Have I Been Pwned? website added an entry for Aptoide’s data breach, stating that the app store had suffered a breach exposing 20 million customer records on a hacker forum. The entry dates the breach to April 13, 2020, and puts the precise number of compromised accounts at 20,012,235. Have I Been Pwned? is a website that lets internet users check whether their personal data has been compromised in data breaches.

“In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum. Impacted data included email and IP addresses, names, IP addresses and passwords stored as SHA-1 hashes without a salt,” the website said in a post.
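To make concrete what “SHA-1 hashes without a salt” means for the exposed accounts, here is an added example (not Aptoide’s code or data; the usernames and sample rows are constructed): it shows how unsalted digests let identical passwords be spotted across an entire leaked table, and the per-user-salted, iterated PBKDF2 scheme that removes that property.

```python
import hashlib
import hmac
import os

# Constructed sample rows in the shape the breach description implies:
# (username, unsalted SHA-1 of the password). Assumed data, not Aptoide's.
LEAKED_ROWS = [
    ("alice", "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"),   # "password"
    ("bob",   "7c4a8d09ca3762af61e59520943dc26494f8941b"),   # "123456"
    ("carol", "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"),   # "password" again
]


def sha1_unsalted(password: str) -> str:
    """The weak legacy scheme: a bare SHA-1 digest with no per-user salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def shared_hash_groups(rows):
    """Group accounts whose stored hashes are identical.

    Without a salt, every account that chose the same password stores the
    same digest, so recovering one password exposes the whole group, and one
    precomputed table can be matched against all 20M rows at once.
    """
    groups = {}
    for user, digest in rows:
        groups.setdefault(digest, []).append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


# Hardened scheme: random 16-byte salt per user plus a slow, iterated hash.
PBKDF2_ITERATIONS = 600_000  # current OWASP guidance for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Same password, same unsalted digest: the grouping exposes it immediately.
    print(shared_hash_groups(LEAKED_ROWS))
    # Same password, two different salted records: grouping no longer works.
    rec_a, rec_b = hash_password("password"), hash_password("password")
    print(rec_a != rec_b, verify_password("password", rec_a), verify_password("wrong", rec_a))
```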

Malicious Fleeceware Apps Affect 3.5 Mn iPhone Users
https://staging-cisomagcom.kinsta.cloud/malicious-fleeceware-apps-affect-3-5-mn-iphone-users/
Thu, 16 Apr 2020 13:52:10 +0000

Researchers from SophosLabs revealed that fleeceware app developers are operating on Apple’s App Store for iPhones and iPads. They claimed that more than 3.5 million iPhone users have been affected by malicious fleeceware apps on their devices. The researchers observed 30 such apps in Apple’s official App Store, all designed to commit financial fraud.

What is Fleeceware?

“Fleeceware” is a term introduced by researchers at SophosLabs in September 2019. It has been named fleeceware due to its defining characteristic of overcharging users for functionality that is widely available in free or low-cost apps.

It is said that these app developers take advantage of Apple’s free trial period by charging users an excessive amount when they do not cancel the subscription. Typically, these apps charge subscription fees of $30 per month or $9 per week after a 3- to 7-day trial period. It is also suspected that these apps bought fake five-star reviews to boost their ranking on the App Store and used pay-per-install services to inflate install counts and attract users.

According to the researchers, most of the fleeceware apps are image editors, horoscope/fortune telling/palm readers, QR code scanners, and face filter apps. “Many of these apps lack any extraordinary features that aren’t already present in many other apps, including truly free apps,” the researchers said in a blog post.

They also highlighted that some app developers intentionally did not cancel an app’s trial period when a user uninstalled the app, so excessive service-continuation charges ($360 or $468 per year) were debited from users’ saved cards for basic app functionality. It is also believed that these malicious apps gain popularity by advertising on social media platforms such as Facebook, Instagram, and TikTok. Sophos also published a complete list of the malicious fleeceware apps.

Not the First Time

Earlier, Sophos discovered a set of 25 fleeceware apps on the Google Play Store with more than 600 million installs. Some of these apps have close to 100 million installs, rivaling even legitimate apps on the Google Play Store.
