Apple and Google both make life difficult for cybercriminals who want to promote malicious apps. Before you upload an app to either platform, it is checked for malicious behavior. Despite this fact, many malicious apps do get through.
This is a bigger problem on the Google Play Store, but Apple's platform isn't perfect. Contrary to popular belief, users of both platforms should be careful what they download.
If you download a malicious app, you are inviting rogue advertisements and potentially, the theft of your personal information. So why are malicious apps available on the App Store and what can you do about it?
How Malware IsUploaded to the App Store
Apple is obviously a highly reputable company. Many people are therefore surprised to learn that malicious apps are a problem. The reality, however, is that some level of malware is almost impossible to prevent.
If an app is obviously malicious, it will be rejected immediately. Apps uploaded to the App Store are all reviewed and most are reviewed manually. Many are also rejected. Malicious actors, however, use a variety of techniques to avoid detection.
Apps are often programmed to run invisible ads. These ads don't display on the affected device. Instead, they make the device visit websites in the background. This allows the developers to collect ad revenue without the user being aware that anything is happening.
Some apps also have a delay before they start doing anything malicious. Developers are aware that apps are tested before being published. They therefore program their apps to behave normally until they are installed on a regular user's phone. This is often achieved by only dialing out when they've been installed on a phone with a sim card.
Apple and Google are partially to blame too. The App Stores receive thousands of app submissions every week and inspecting them all is an expensive process. Additional inspection also requires developers to wait longer to have their apps approved and longer wait times may reduce the number of apps submitted. It's possible that any attempt by Apple to further prevent malicious apps on their platform may therefore reduce profitability. And it won't necessarily prevent them.
Promoting a malicious app on the App Store is highly profitable. An app that successfully makes it onto the platform can make millions in advertising revenue. Because of this, no matter what Apple and Google do, people are going to keep trying, and they will occasionally be successful.
It's worth noting that malicious apps are sometimes uploaded to the App Store accidentally. Some developers use code snippets written by other people; if they use the wrong code, it's possible to accidentally add malware to an otherwise legitimate app.
What Do Malicious Apps Do?
Malicious apps range widely in terms of functionality. They are all designed to make money but how they achieve this varies.
Ad Fraud
Ad fraud is a popular way to make money from malicious apps. Many legitimate apps use advertising but malicious apps take additional steps. Along with running ads that you can see, they also run ads in the background. This is arguably a bigger problem for advertisers than smartphone users, but this activity does use up battery and bandwidth.
Browser Hijacking
A malicious app can hijack your browser and cause it to open malicious URLs. The malicious URL might then request personal information, promote a scam, or attempt to take advantage of vulnerabilities.
Information Theft
All smartphone apps are installed in a sandbox so there's a limit to what information a malicious app can steal. They can, however, access your clipboard. Anything that you copy and paste can therefore be stolen. Needless to say, any personal information that you enter into the app can also be stolen.
Phishing Alerts
A malicious app can be used to trick you into providing information using phishing alerts. In order to do this, the app would display an alert that appears to come from a reputable source. Any information that you provide such as a username and password can then be stolen.
How to Avoid Malicious Apps
Malicious apps are newsworthy precisely because they are usually rejected, so anything the makes it through becomes notable. The vast majority of apps on the App Store are safe. Here's how to protect yourself from those that aren't.
Don't Jailbreak Your Phone
Apple's App Store isn't perfect, but it's still much safer than the alternatives. It is possible to sideload apps on a jailbroken iPhone without consequence but in doing so, you are significantly increasing the chances of malware.
Keep Your OS Updated
OS updates are important because they remove security weaknesses. By keeping your iPhone updated, you are therefore limiting the amount of damage that a malicious app can perform if you accidentally install it.
Research Less Popular Apps
Smaller developers make legitimate apps and it doesn't make sense to avoid them entirely. If you want to download an app from a lesser-known developer, however, it's important to read the description carefully and check customer reviews. It's worth noting that customer reviews can be bought, so maybe look elsewhere online to check authenticity.
Understand How Malicious Apps Behave
Malicious apps are designed to be difficult to detect. But an app can't hide the fact that it's using your phone's resources. If your battery or bandwidth is being used up too quickly, check which app is responsible.
If you suddenly start seeing alerts that request information, this is also cause for concern. Any app that is behaving this way should be uninstalled.
App Stores: Secure but Not Perfect
Apple has a reputation for the security and privacy of their products and this reputation is largely deserved. If you own an iPhone, however, Apple's reputation shouldn't be used as a reason for complacency. Malicious apps are available on the App Store and it's important to be on the look out for them. The same is certainly true of Android as that OS is more customizable.
Use caution when downloading lesser known apps and if you've been careless in the past, it's worth uninstalling anything that you don't need. Apps that use up your battery aren't necessarily a problem but the theft of your personal information certainly is.