According a new research, Apple Inc (NASDAQ: AAPL) iOS devices are at risk of getting apps that have been malformed to do some malicious activities. However, this new research is only applicable to those who have jailbroken iOS device or are in an ecosystem that deals with enterprise apps.
According to the FireEye, a security firm in the California, the certificates used by both the developers and enterprise customers can be altered to replace the legit apps with the one that has been altered already to execute malicious operations in the iOS. The custom app adoption in the enterprise is very high. As per the reports, the adoption of customs apps was initially 107% but has grown to a whopping 731% year-over-year and is continuously increasing too.
Custom apps are the one that are easily available from the workplace and can be of great use while completing the daily tasks. Enterprise have their own apps to have a reliability, security and an ease of work for its employees, and it is also a well known fact that these apps can be updated over the air — putting more risks for its users.
An attacker can easily re-direct you towards the malicious website that holds the link to a malicious app. The app once installed can be used to do the malicious activities such as recording your activities, calls and messages. The researchers were able to give a demo of this new finding by replacing the authentic Gmail app with the one that has been altered to make you insecure.
Android also suffers from the same issue, however, Google has put up a barrier called Bouncer to check the activities of apps for any such kind of activity, however, it can also be bypassed in one or another.