The iPhone 5S at a Beijing Apple store. Credit: Michael Kan
Apple is facing growing challenges keeping suspicious mobile applications out of its App Store marketplace.
Over the last two months, researchers have found thousands of apps that could have potentially stolen data from iOS devices.
While the apps were not stealing data, security experts said it would have been trivial for attackers to configure them to do so.
Apple has removed some of affected apps since it was alerted by security companies. But the problems threaten to taint the App Store's years-long reputation as being high quality and malware free. Apple officials didn't have an immediate comment.
"The common theme we are seeing is this new wave of attacks against iPhones and against iOS," said Peter Gilbert, a mobile software engineer with FireEye, in an interview.
That's worrying for enterprises tasked with keeping corporate data and passwords entered on employees' mobile devices out of the hands of hackers.
Apple reviews apps submitted by developers for its store. That process has somewhat rankled developers, who have complained the process is too slow.
The upside is that the App Store has not had the same problems with malware as Google in its Play Store for Android devices.
But hackers are now "really looking for ways to get vast numbers of apps in the App Store in these legitimate channels and getting past whatever the barriers that are put up there," he said.
Those efforts appear to largely centered in one place: China.
On Wednesday, FireEye said it discovered 2,800 apps in the U.S. and Chinese versions of the App Store that contained a potentially malicious code library used to deliver advertisements.
The ad library, mobiSage SDK, was developed by a Chinese company called adSage. The library had been incorporated into the apps by developers, who may have been unaware it had data-stealing capabilities. FireEye nicknamed the scheme iBackDoor.
AdSage, based in Beijing, couldn't be immediately reached for comment. It has since released an updated version of the mobiSage SDK, which does not have the backdoor capability.
Gilbert said it's possible that someone took adSage's product, added the malicious capabilities and then made it available for developers.
The latest finding adds to other recent issues in the App Store.
In mid-September, Palo Alto Networks found 39 apps that contained a modified version of Apple's Xcode development tool. That version, which was dubbed XcodeGhost, could add hidden malicious code to apps it is running on.
Sign up for Computerworld eNewsletters.