Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes
31st January 2020
There was a story this week that rather caught my eye.
Apple has done an amazing job policing the App Store over the years for iOS. In effect, there is a level of trust that if an App makes it into the App Store then it can be trusted. Many organisations base a large part of their mobile App security on this.
So, the news this week of an App sneaking through the net was interesting. Mainly because Apple has done such a good job over the years that it is actually a news item!
Now – to the details for those that missed it.
- Over in Iran, they are currently in the middle of a technology embargo. This embargo also covers access to any Iranian Apps.
- A local Ride-Hailing (Taxi) type service called Snapp has been removed from the Apple App Store as a result of the embargo
- People still have iPhones and a need for Apps
- So, how do they get the App??
The answer turned out to be surprisingly simple: make the App look like something else (a RADIO App no less!!) when you download it from the App Store, but when it runs within Iran it will turn itself back into the Snapp App!
This is all presumably so the Snapp App flies under the radar in Apple’s test labs. If it was obviously for Iranian Taxis then it would get blocked. But if it looks like something completely different and is called something completely different then maybe it will get through… so simple as a concept.
Two Apps in one!! Genius!!!
But it does raise a rather important question – how did something so simple get through Apple’s testing? And the answer is we don’t know… because it is a black-box process. In fairness, if Apple told everyone what they looked for then it would make it easier to work around the testing! Chicken and egg…
I’m sure Apple will now have closed the gap in their testing to spot this kind of thing – it shouldn’t be hard to find loads of redundant code and screens.
And the reason the Snapp App was spotted?? Ironically it was because of word of mouth and user reviews…
The moral here is to always consider what Apps you have on devices… just because Apple test them doesn’t mean you should just accept this. Not all Apps are necessarily what they seem!