Mobile device owners are encouraged to download apps from official sources, such as Apple’s App Store. However, they should still exercise caution as malicious apps can still slip through.
The latest culprit posed as the popular Camera+ app and had the description “The Most Amazing Camera+ Version Yet.” Unlike the popular Camera+ app, which is developed by Tap Tap Tap, this version came from Pursuit Special, said Glyn Evans of iPhoneography, who found the app on Jan. 21. Once notified, Apple pulled the app from the App Store.
It was not clear if Camera+ 4.0 VS & SS was just piggybacking on the popular name or if it actually has malicious functionality, according to Graham Cluley, a senior technology consultant at Sophos, wrote on the Naked Security blog.
Even so, Apple’s approval process should have noticed that someone was uploading an app with the same name as an app that is currently the 14th best-selling app in the App Store, according to Cluley. “Apple should surely recognize if someone other than Tap Tap Tap tries to submit it to the store?” Cluley said.
The real makers of Camera+, Tap Tap Tap, confirmed on Twitter that the app was fake. “Oh Apple and your all too often disappointing approval process,” the developers posted on Twitter.
Android users learned the hard way last year that malicious apps can masquerade as photo apps and mobile wallpapers on the Android Market. There was a sense that Apple’s App Store was safer because Apple pre-approves each app before it appears in the store, something Google doesn’t do for the Android Market.
Even so, that doesn’t mean fake or malicious apps have never appeared on the App Store. Mac security researcher Charlie Miller’s proof-of-concept app that would have allowed remote users to execute unsigned code on the iPhone was approved for the App Store last fall.
“As always, be careful what applications you install on your computing devices – even if they come from the Apple App Store,” Cluley said.