Warning to iPhone users: This is how criminals foist malicious apps on you

Warning to iPhone users: This is how criminals foist malicious apps on you

Apple's app ecosystem is considered secure but still has holes, as a recent report shows. In a perfidious way, namely by using an official Apple platform, malicious apps can be foisted on iPhone users. What do users have to consider now?

If you want to offer apps in the Apple world, you have to stick to the rules, so no iPhone app gets into the App Store without being checked. Millions of iPhone users can and rely on it. But what many people don't know is that you don't necessarily need the App Store to install apps on an Apple cell phone. Fraudsters are currently taking advantage of this fact.

iPhone users at risk: This is how infected apps are now coming to Apple phones

A criminal organization called "CryptoRom" managed to distribute fake cryptocurrency apps to iOS and Android users (source: Sophos). This was of course particularly easy on Android, after all apps can officially be installed there without the Google Play Store. This is called sideloading, a process that Apple has so far strictly rejected for the iPhone. But how could the scammers still distribute their infected apps on the iPhone?

As the report reveals, the criminals use Apple's official platform for distributing beta apps - TestFlight. Using TestFlight, developers can invite up to 10,000 users to try out their apps in advance – bypassing the App Store. Advantage in this case for the scammers: Such beta apps do not have to go through the App Store review process per se.

Through this ruse, Apple has no knowledge of such occurrences. Any iOS user using TestFlight on iPhone can easily download and install such apps. Distribution is even easier for fraudsters, since it does not necessarily require an individual invitation. It is sufficient to provide a public download link.

Criminals also use such tricks:

And there is another distribution method used by criminals. For this you access web apps. In this case, these are fraudulent websites that are added to the iPhone's home screen and run there as an app . Web apps are of course completely outlaws and cannot be checked by Apple at all.

There are also useful and non-malicious web apps:

What does Apple say and recommend?

All very worrying. But what does Apple say, what do users have to consider now, how can they protect themselves? A direct change in the TestFlight processes is not to be expected from the iPhone manufacturer, after all, even tens of honest developers depend on it. Instead, Apple refers to personal responsibility. To protect yourself from scammers, one should not install apps and software from unknown sources. This applies even if they are distributed via the official TestFlight platform. For even more safety instructions and tips, Apple refers to a specially set up website (see Apple).

Comments

Popular posts from this blog

What is VoLTE and how can you activate it on your Xiaomi

So you can check the battery status of your Xiaomi smartphone and how many cycles you have performed

How to exit the FASTBOOT mode of your Xiaomi if you have entered accidentally

Does your Xiaomi charge slowly or intermittently? So you can fix it

Problems with Android Auto and your Xiaomi? So you can fix it

If your Xiaomi disconnects only from the WiFi it may be because of that MIUI setting

How to change the font in MIUI and thus further customize your Xiaomi: so you can change the type, color and size of the letters of MIUI

What is the Safe Mode of your Xiaomi, what is it for and how can you activate it

Improve and amplify the volume of your Xiaomi and / or headphones with these simple adjustments

How to activate the second space if your Xiaomi does not have this option