Jekyll Apps | iMore

Give me some space!

Turn your Nintendo Switch into the ultimate console with a microSD card!

A closer look

Everything you need to know about the AT&T Unlimited plan

Users Guide

The third public beta for iOS 10.3 is here! This is how you get it

User Guide

Apple releases third public beta of macOS Sierra 10.12.4

iMore Offers

Get a lifetime of unlimited mobile backup from iDrive for $19.99

Beta time!

Apple releases third developer beta of iOS 10.3

Everything you need to know!

iPhone 8 will reportedly feature 3D-sensing FaceTime camera

Developers only!

tvOS 10.2 beta 3 now ready for developers

Developers only!

Apple releases third beta of watchOS 3.2 to developers

What you need to know

Four new iPad Pro models could be coming in March

Enter now!

We're giving away the new full-grain leather slim wallets from Pad & Quill

From 'OW' to 'WOW'

Hi, I'm an iPad Pro! β€” 'We hear you' brings classic feel to new ads

Touch ID for all!

Why Touch ID makes the MacBook Pro the best Mac ever

🐣 + 🍍 + πŸ’Ž = πŸ‰

PokΓ©mon Go Gen 2 Guide β€” New info!

Click. Swoon.

Billboard's cover: Shot on iPhone 7 Plus Portrait Mode

bye bye birdie

How to delete your Twitter account 🚫πŸ₯

SWITCH IT UP

Nintendo Switch FAQ: Everything you need to know!

iOS Gaming Weekly

Here are the best new iPhone games out and on sale now!

Mastering AirPods

How to use your AirPods when you're offline

ALL EYES ON HOME

Why you might (and might not) want an indoor security camera in your home

< >

Order: BeatsX | AirPods | MacBook Pro | Order iPhone 7: Apple | Verizon | T-Mobile

Jekyll Apps

Jekyll apps: How they attack iOS security and what you need to know about them

Today researchers Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from Georgia Tech gave a talk at the 22nd USENIX Security Symposium and revealed the details of how they got a so-called "Jekyll app" through the App Store approval process and into a position where it could perform malicious tasks. Their methods highlight several challenges to the effectiveness of the Apple's App Store review process as well as security in iOS. The researchers immediately pulled their app from the App Store after downloading it to their test devices, but demonstrated techniques that could be used by others to also sneak malware past Apple's reviewers.

The details of Apple's app review process are not publicly known, but aside from a few notable exceptions it has been largely successful in keeping malware away from iOS devices. The basic premise of a Jekyll app is to submit a seemingly harmless app to Apple for approval that, once published to the App Store, can be exploited to exhibit malicious behavior. The concept is fairly straightforward, but let's dig in to the details.

More →


Researchers sneak 'Jekyll app' malware into App Store, exploit their own code

Tielei Wang and his team of researchers at Georgia Tech have discovered a method for getting malicious iOS apps past Apple's App Store review process. The team created a "Jekyll app" that seemed harmless at first, but after making it into the App Store and onto devices, is able to have its code rearranged in order to perform potentially malicious tasks.

More →