Loophole in Apple’s iOS Enterprise Deployment Policy Used to Spread Fake, Pirated Apps

By Monday, January 28, 2013 0 , , , Permalink 0

According to a report published by Trend Micro today, there have been instances wherein pirated apps were found on iOS devices over the last few weeks and these apps are appearing on devices that are not even jailbroken. Such a development puts enterprise users at the risk of rouge installations that may eventually lead to disclosure of private and confidential information.

“In the past couple of weeks, there has been some breathless reporting about how iOS users could now install pirated apps without having to jailbreak their phones. This was made possible by certain Chinese app store-like services,” notes Warren Tsai, product manager for Trend Micro, in a blog post.

Tsai said that the loophole is present in Apple’s iOS enterprise deployment policy. Enterprise users have the ability to deploy custom apps and this is the service that is being abused to install pirated apps onto iOS devices. “The same features which allow enterprises to deploy their own custom apps have now been abused to deliver pirated apps to users,” he said.

Tsai notes that the sandbox feature hasn’t be broken yet thus ensuring that apps won’t be able to go beyond what they are allowed to do but, it may be possible that these apps may have secondary functions whereby they will send some private information to servers located in different countries thereby increasing the chances of data leakage.

Targeted attacks cannot be sidetracked though and attackers may try to steal confidential information from enterprises.