• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

iOS app allows installation of pirated apps in non-jailbroken iPhones

Updated on Mar 1, 2016 by Guest Authors

A group of hackers originating from China took advantage of application testing certifications, released by Apple for free, to install illegitimate apps using a sideloading technique.

The Chinese app found on Apple App Store has been used to install pirated apps on iOS devices that have not even been jailbroken, according to researchers from Palo Alto Networks. Normally, illegitimate apps are downloaded and lodged in jailbroken devices (or “rooted” in the case of Android handsets).

The new iOS feature that was abused by the Chinese developers allowed them to get code-signing certificates at no cost in order to deploy and test mobile apps. Because all of the devices built by Apple are inherently secure according to the company, there is a scarcity of anti-malware tools for the iOS ecosystem.

app-store

Apple boasts of its secure platform, except for iOS devices that have been jailbroken. For iPhone models that have not been jailbroken at all, apps that do not come from its trusted app store such as the Apple App Store are not welcome for security reasons. But the apps that get past the security barrier will need to be vetted first by Apple’s security team.

The code- signing certificates, on the other hand, are alternative tools for developers to distribute apps to iPhones and iPads without having to publish them on the Apple App Store. These certificates were abused by the Chinese developers to install malicious apps on non-jailbroken Apple devices.

However, a similar method was employed in the past to lodge malware on iOS handsets. The latest Chinese app found on Apple App Store bears the name ZergHelper or XY Helper. The malicious mobile app was also used to manipulate the newly launched personal development certificates that also work as code-signing certificate. The personal development certificates were unveiled alongside Xcode 7.

Developers are sometimes forced to use the Xcode 7 to test their apps by running them on their devices without publishing them yet on the Apple App Store. And that is free, whereas the enrolment process in Apple’s Developer Program will cost them a $99 per year.

Mobile app developers will need to run the Xcode on their mobile device tethered to a computer in order to generate the personal development certificates. Developers of the ZergHelper app appeared to have cracked the secret method for obtaining the certificates from Apple.

It is important to note that the ZergHelper app is by no means a malware, but the method used here could enable future attacks on iOS devices.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

SwitchBot Lock Review – Perfect Smart Lock for Renters

BREEZOME JH03 vs JH04 Air Purifier – Which One Should You Buy?

SwitchBot Curtain Smart Electric Motor Review – The Upgraded Version

COLORWING M08F Portable Thermal Printer Review – Requiring No Ink, Toner, or Ribbon

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Premiere of the Demo of “EVOLUTION”, Tencent’s First Native Cloud Game, Leading Us to Set Off to the Real World Together
  • VANKYO Leisure 495W and Leisure 470 Pro Projector – New Full-HD Projector Series
  • SwitchBot Lock Review – Perfect Smart Lock for Renters
  • BLUETTI Father’s Day Deals – Power Gears for the Best Dad in the World

Copyright © 2022 · All Rights Reserved