Apple approves fake iPhone app for App Store
Security experts can't tell whether bogus Camera+ was malicious
Computerworld - Apple let a fake app slip through its approval process for the iOS App Store, the makers of the popular Camera+ program said over the weekend.
Security researchers who noted the slip-up did not know whether the bogus app contained malware because they had been unable to grab a copy before Apple yanked it from the App Store.
On Saturday, the iPhoneography blog announced that a new App Store entry was fake.
The App Store listing touted Camera+ version 4.0, and listed the price at $0.99.
Although the real Camera+ -- created by Tap Tap Tap -- is sold for the same price, it's only at version 2.4.
iPhoneography's Glyn Evans contacted Tap Tap Tap, who confirmed that Camera+ 4.0 was phony.
"Oh, Apple and your all too often disappointing approval process," said Tap Tap Tap on Twitter Saturday.
Tap Tap Tap has butted heads with Apple before: In 2010, Apple yanked Camera+ from the App Store in a dispute over a violation of Apple's developer agreements.
Apple later restored Camera+ to its app distribution channel.
U.K. security company Sophos noted the fake Camera+, but said it couldn't tell whether the app had a malicious purpose.
"We haven't been able to get our hands on a copy of the bogus app, so we cannot confirm if it contained any malicious functionality," said Graham Cluley, a Sophos senior security consultant, in a blog Monday. In a follow-up email, a Sophos spokeswoman said the company believed it was probably created to siphon money from Tap Tap Tap's sales.
The fake Camera+ used graphics identical to the real deal to promote the program on the App Store.
According to that entry -- which was still available Monday via Google's search cache -- the bogus Camera+ was released on Saturday, Jan. 21 by a Hiep Nguyen of a company called Pursuit Special.
Later that day, Apple pulled the illicit Camera+ from the App Store, Tap Tap Tap confirmed on Twitter.
Apple's gaffe was notable since most security experts consider the iPhone platform more secure from hacker misuse because Apple vets each app before allowing it into the App Store, unlike Google.
Google's Android Market has been plagued with bogus apps, many of which contain some kind of malicious functionality. Last month, for example, Google scrubbed 22 malware-infected apps from its official e-store.
Cluley wondered how Apple could have screwed up.
"But questions still remain as to what went wrong with Apple's approval process," Cluley said. "After all, Camera+ is currently the 14th best-selling app in the App Store -- Apple should surely recognize if someone other than Tap Tap Tap tries to submit it to the store."
As of mid-day Monday, Camera+ was actually No. 7 on Apple's bestseller list of paid iPhone apps.
Apple did not immediately reply to questions Monday.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Long replacement cycle drags down iPad sales
- Apple unwraps OS X Yosemite public beta Thursday
- Apple grows Mac sales by 18% on the back of the MacBook Air
- Want an Apple watch? Just 3D print one
- What to listen for during Apple's earnings call today
- Mac sales will again outstrip industry average
- Apple, IBM spell out enterprise support for iPhone, iPad
- Timeline: How Apple's iOS gained enterprise cred
- Apple and IBM: A winning combo for IT
- Why Microsoft isn't spooked by the Apple-IBM alliance
Read more about Mobile Apps in Computerworld's Mobile Apps Topic Center.
- Use the Mobile App Mix to Choose an Enterprise App Store Strategy In this research report Gartner outlines how organizations can optimally secure, distribute, and manage mobile applications for employees and contracted workers.
- The Case for Mobile Apps Today's mobile apps turn handheld devices into e-book readers, portable navigation systems, digital wallets and more. And for organizations with mobile workers, they...
- The 5 Big Lies About Going Mobile You've heard about the power of mobile to change your business. But have you realized your mobile potential? It's about much more than...
- Transforming enterprise applications for mobile environments This new white paper explains how Dell Application Modernization and Development Solution Set can help you understand when to develop new mobile apps,...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Mobile Apps White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!