APPLE'S APP STORE is generally regarded as being pretty safe, and next to the sheer quantity of iffy apps that make their way onto Google Play, it certainly looks good. But research from security firm Wandera shows that this reputation isn't a guarantee of safety.
Wandera found a total of 14 retro games that seem to be communicating with a server that found fame controlling the Golduck malware for Android.
While the 14 games in question don't seem to be doing anything untoward, they are as packed with adverts as you'd imagine free apps to be, and as such they could feasibly use ad slots to trick people into downloading nasties beyond the walled garden of the App Store.
The apps also seem to be passing some information back to the server: IP addresses and (sometimes) location data.
"The apps themselves are technically not compromised; while they do not contain any malicious code, the backdoor they open presents a risk for exposure that our customers do not want to take," Wandera told TechCrunch. "A hacker could easily use the secondary advertisement space to display a link that redirects the user and dupes them into installing a provisioning profile or a new certificate that ultimately allows for a more malicious app to be installed."
Between them, the apps have been downloaded around a million times, but it seems that Apple has now pulled them from the App Store with a "not currently available in the US store" message coming up if you attempt to download them.
That doesn't help those that already have them installed, of course, so here's a list just in case: Commando Metal: Classic Contra, Super Pentron Adventure: Super Hard, Classic Tank vs Super Bomber, Super Adventure of Maritron, Roy Adventure Troll Game, Trap Dungeons: Super Adventure, Bounce Classic Legend, Block Game, Classic Bomber: Super Legend, Brain It On: Stickman Physics, Bomber Game: Classic Bomberman, Classic Brick - Retro Block, The Climber Brick, and Chicken Shoot Galaxy Invaders.
Yeah, we thought not. Still, it doesn't hurt to check, and it's a timely reminder that although the App Store vets apps, external ad servers are a blind spot. Sometimes it's worth paying 99p for the peace of mind an ad-free experience can bring. µ