I just love the apple response mail to the guy who disclosed this to them:
"We have forwarded your feedback to the appropriate team. Someone from that team will investigate and follow up as needed with the developer.
Because we can only share communications about an app with its developer, you will not receive updates about this matter."
It's the perfect email, they can do whatever they want, and they have an excuse why they don't need to account for it - they could let the app do whatever it want, demand it to change it's behavior or throw it out, but the one who spent considerable time researching this would never know.
Apple's lack of transparency is one of my biggest problems with them. I refuse to ever file bugs with them since I know I won't get any meaningful updates.
Similarly, I often report problems on Google Maps since they actually send email updates about your report and tell you when it's fixed, whereas I never do with Apple Maps since they don't provide any feedback.
I can't get the video links in the tweet [1] to open? Unless I fat-fingered all 3 of them. Either the guy doesn't want to be accused of not following proper disclosure procedures, or he was somehow asked to remove them?
The problem is your average user only sees glowing reviews of ES File Explorer on the Play Store. They do not care to search for information about the data egress to Chinese servers, and are lulled into a false sense of security by the Play Store itself, which claims to 'verify' all apps on it.
Are you saying everyone is aware about those things?
I for one never use a Chinese app or an app that was bought by a Chinese company ever again (sorry, Opera). But I doubt 99% of the users even realize who owns these apps.
Yuck. I installed that a while back to ease dealing with some local files on the phone for some testing, and it's been sitting on there for a while. Uninstalled, since regardless of whether it's true now, it could be true in the future, and an app not used is both an app not needed and a security hole waiting to happen at this point.
I still can't believe android doesn't have a native file explorer. The fact that you need to install a 3rd party addon for such an essential feature boggles me. I can't read a PDF without a file explorer.
I currently use Solid Explorer due to ES File Explorer's shadiness
Wow, I did not know that. Thanks for the heads up. I even keep up with security stuff. I don't ES File Explorer any more because I don't really do specific file management on my phone. That's disturbing.
It's the sad state of affair in "trusted" App Stores. Little Snitch is the first app I install on every machine. I look forward to a day when network access becomes a permission a sandbox app asks for.
Sadly, I don’t see Apple making any moves in this direction, probably because advertising is an extremely popular form of revenue these days. It’d be rather awkward explaining why they enable these controls on the computer but they don’t allow them on iOS.
It is sandboxed from filesystem access, but as soon as it is launched, it asks the user for permission to access their home directory.
Really this is just an indictment of old-school massive deep tree file organisation, and of Unix file permission being too coarse-grained for what are effectively single-user computers.
While I agree in principle, in this case I'm not sure any permission system would help. An anti malware program has legitimate reason to access the internet. It also has legitimate reason to read files. Heck it may even have legitimate reason to upload some of that data for analysis. Those first two capabilities are very hard to keep separate (you'd need one process for each capability and a very tight restriction on interprocess communication). The third is game over.
I think ultimately the problem is more about trust and oversight.
I wonder if there's any chance of improvement of that under linux. Only chrome needs access to my chrome data directory. It also doesn't usually need access to anything outside it. There's not that much use of solid security preventing apps from gaining the root access when all my sensitive data is accessible from my user.
I don't think any app review process is more than theatrics. Google, Apple or Microsoft. There's too many programs with too much code with too many places for malicious code to hide.
The programs allegiance is always with the people who write it (exploitable bugs aside). Either you trust those people with the permissions you give them or you don't give them those permissions. How can Apple know who to trust? How can the end user?
I just started looking at making a browser extension for Safari and it's insane compared to every other browser AFAIK, one has to make an app and submit it to the app store for approval.
The app review process is security theory. I blame the sand boxing mechanism that allows a Mac App Store app permission to an entire folder. That permission is inherently unsafe.
If an app needs that type of permission on the Mac sell it outside of the App Store.
Can we talk about this problem? Amazon gets a lot of attention for questionable reviews but Apple hardly gets any backlash from consumers or the media.
Ratings and reviews help people make informed decisions when considering whether to try out your app. Positive ratings and reviews can mean more downloads of your app, and customer feedback gives you insight into real world usage that helps direct future development efforts.
Delivering a great overall experience is the best way to encourage positive ratings and reviews, but it’s also important to ask for feedback at appropriate times. Keep these considerations in mind when asking people to rate your app.
Ask for a rating only after the user has demonstrated engagement with your app. For example, prompt the user upon the completion of a game level or productivity task.
Nowhere on that page are there any prohibitions against asking for five-star or positive reviews, and indeed, it's quite easy to find examples of high-profile apps asking for five star reviews, including Amazon (see example on the bottom of this page: http://leanmedia.org/amazon-removes-reviewer-emails-profiles...).
It's not hard to see the damage done by inflated or bogus user reviews: The unwary are more likely to download them, as is the case for this top-ranking utility sending browser history back to China.
Search for "app store review farm" and you'll see how easy it is to fake reviews. Apple's system is sufficiently advanced to prevent people from doing it in a fully automated way, so it's done with the manual version of click farming. Basically the same idea as paying somebody to farm gold in a MMORPG. Trust nothing.
So long as the cost to post a review is less than the reward, abuse will continue. The more a company polices reviews and/or verifies legitimacy, the higher the "cost" of the review.
The value of the review can be diluted by encouraging reviews from actual users. Here, however, the user can't review behavior that is concealed.
Thank you to all the security researchers out there reporting this stuff. Keep the bad press flowing, so apple doesn’t get too lazy and let even more of these through...
That seems better in theory than practice - Apple didn't detect the behavior (though it violates their dev TOS), I would think the users whose browsing data was exfiltrated will not feel especially secure.
> The next release of macOS, macOS Mojave, will protect content like Safari History or cookies from apps, even those to which users have granted access to their home directory.
Apple is a terrible choice for gatekeeper because they stand to benefit from any app becoming popular, regardless of why the app has become popular. Gambling-inducing gem scams and apps with fake reviews do just fine and earn Apple 30% at the expense of users so Apple certainly loses money in the short term if they refuse those apps entirely. Apple also gains when they can brag on stage about how many bazillion apps there are on Apple platforms; scam apps are generally quite numerous (probably because it’s easier to come up with a bunch of crappy apps than a single good one) so they’re sort-of-OK with having lots of “apps” that no one should really be installing. A really tiny list of outstanding apps would be hard to sell on stage.
The only real impact on Apple’s bottom line would be for the entire store to become so infested, relative to competitors, that people jump ship and stop buying expensive Apple hardware out of frustration. Apple is at least observant enough to avoid that; they’ve kept their store clearly better than competing stores but none of them is necessarily a great experience.
I strongly suspect that the convenience of payment processing is the primary reason for developers to put up with Apple’s too-random screening systems. If Apple were required to open up app payment processing to any number of payment services, and if they were relying on trusted 3rd parties to certify apps (perhaps based on category), we would see a very different app experience.
Distributing reviews to different authorities would also be hard. For example, if you had “security experts” handle screening for apps in a certain category, somebody could just write a sneaky app in a different, weakly-reviewed category to make it through the net into the store. Apple would almost have to create secure subsets of their entire API in line with app store categories, e.g. “you can’t even use network-access APIs for apps in this category” would be a very useful restriction. The other nice thing about this is that Apple would finally be free to not need certain expertise in-house; e.g. if you don’t have enough good people on staff who are qualified to assess the security risks of an app but you can find a trusted 3rd party that can, you can hire them to be that trusted authority and we can stop assuming that Apple is the best at handling everything by itself.
[+] [-] Illniyar|7 years ago|reply
"We have forwarded your feedback to the appropriate team. Someone from that team will investigate and follow up as needed with the developer.
Because we can only share communications about an app with its developer, you will not receive updates about this matter."
It's the perfect email, they can do whatever they want, and they have an excuse why they don't need to account for it - they could let the app do whatever it want, demand it to change it's behavior or throw it out, but the one who spent considerable time researching this would never know.
[+] [-] lemoncucumber|7 years ago|reply
Similarly, I often report problems on Google Maps since they actually send email updates about your report and tell you when it's fixed, whereas I never do with Apple Maps since they don't provide any feedback.
[+] [-] cabaalis|7 years ago|reply
[1] https://twitter.com/privacyis1st/status/1038103142460743681
[+] [-] pkaye|7 years ago|reply
[+] [-] greglindahl|7 years ago|reply
[+] [-] paulcarroty|7 years ago|reply
[+] [-] JTbane|7 years ago|reply
[+] [-] mtgx|7 years ago|reply
Are you saying everyone is aware about those things?
I for one never use a Chinese app or an app that was bought by a Chinese company ever again (sorry, Opera). But I doubt 99% of the users even realize who owns these apps.
[+] [-] kbenson|7 years ago|reply
[+] [-] stevenwoo|7 years ago|reply
[+] [-] swaggyBoatswain|7 years ago|reply
I currently use Solid Explorer due to ES File Explorer's shadiness
[+] [-] MrEfficiency|7 years ago|reply
I think it was navigating videos and being able to hit 'Next' in-video.
Whatever the case it broke and I found a new file explorer.
[+] [-] beardbound|7 years ago|reply
[+] [-] aogl|7 years ago|reply
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] eddieplan9|7 years ago|reply
[+] [-] drb91|7 years ago|reply
[+] [-] saagarjha|7 years ago|reply
This is something that the sandbox model already supports, but is granted by default to apps under the default profile for App Store apps.
[+] [-] frou_dh|7 years ago|reply
Really this is just an indictment of old-school massive deep tree file organisation, and of Unix file permission being too coarse-grained for what are effectively single-user computers.
[+] [-] ChrisSD|7 years ago|reply
I think ultimately the problem is more about trust and oversight.
[+] [-] comboy|7 years ago|reply
[+] [-] bangonkeyboard|7 years ago|reply
1) Apple's app review is nigh useless security theater.
2) The App Store is easily manipulated with fake reviews to boost malware.
3) Apple's approved channels for vulnerability reporting are low priority, opaque, and unresponsive.
4) Apple acts (and swiftly) only upon media attention.
[+] [-] kbenson|7 years ago|reply
It's not useless, it serves the vital purpose of allowing Apple to strong-arm companies when Apple wants to compete with them. :/
e.g. https://news.ycombinator.com/item?id=17831188
[+] [-] ChrisSD|7 years ago|reply
The programs allegiance is always with the people who write it (exploitable bugs aside). Either you trust those people with the permissions you give them or you don't give them those permissions. How can Apple know who to trust? How can the end user?
[+] [-] da_chicken|7 years ago|reply
Just because the garden has a wall doesn't mean that anybody's tending the roses.
[+] [-] stevenwoo|7 years ago|reply
[+] [-] scarface74|7 years ago|reply
If an app needs that type of permission on the Mac sell it outside of the App Store.
[+] [-] ilamont|7 years ago|reply
https://threatpost.com/top-macos-app-exfiltrates-browser-his...
Can we talk about this problem? Amazon gets a lot of attention for questionable reviews but Apple hardly gets any backlash from consumers or the media.
I note on the relevant Apple page for developers (https://developer.apple.com/design/human-interface-guideline...) that the following guidance is given:
Ratings and reviews help people make informed decisions when considering whether to try out your app. Positive ratings and reviews can mean more downloads of your app, and customer feedback gives you insight into real world usage that helps direct future development efforts.
Delivering a great overall experience is the best way to encourage positive ratings and reviews, but it’s also important to ask for feedback at appropriate times. Keep these considerations in mind when asking people to rate your app.
Ask for a rating only after the user has demonstrated engagement with your app. For example, prompt the user upon the completion of a game level or productivity task.
Nowhere on that page are there any prohibitions against asking for five-star or positive reviews, and indeed, it's quite easy to find examples of high-profile apps asking for five star reviews, including Amazon (see example on the bottom of this page: http://leanmedia.org/amazon-removes-reviewer-emails-profiles...).
It's not hard to see the damage done by inflated or bogus user reviews: The unwary are more likely to download them, as is the case for this top-ranking utility sending browser history back to China.
[+] [-] walrus01|7 years ago|reply
https://www.cultofmac.com/311171/crazy-iphone-rig-shows-chin...
[+] [-] ballenf|7 years ago|reply
The value of the review can be diluted by encouraging reviews from actual users. Here, however, the user can't review behavior that is concealed.
[+] [-] waterside81|7 years ago|reply
[+] [-] sgt|7 years ago|reply
[+] [-] apeace|7 years ago|reply
[+] [-] phendrenad2|7 years ago|reply
[+] [-] rjvir|7 years ago|reply
[+] [-] ISL|7 years ago|reply
[+] [-] blacksmith_tb|7 years ago|reply
[+] [-] taobility|7 years ago|reply
[+] [-] codezero|7 years ago|reply
[+] [-] drb91|7 years ago|reply
[+] [-] eastendguy|7 years ago|reply
[+] [-] rodorgas|7 years ago|reply
What about other browsers?
[+] [-] makecheck|7 years ago|reply
The only real impact on Apple’s bottom line would be for the entire store to become so infested, relative to competitors, that people jump ship and stop buying expensive Apple hardware out of frustration. Apple is at least observant enough to avoid that; they’ve kept their store clearly better than competing stores but none of them is necessarily a great experience.
I strongly suspect that the convenience of payment processing is the primary reason for developers to put up with Apple’s too-random screening systems. If Apple were required to open up app payment processing to any number of payment services, and if they were relying on trusted 3rd parties to certify apps (perhaps based on category), we would see a very different app experience.
Distributing reviews to different authorities would also be hard. For example, if you had “security experts” handle screening for apps in a certain category, somebody could just write a sneaky app in a different, weakly-reviewed category to make it through the net into the store. Apple would almost have to create secure subsets of their entire API in line with app store categories, e.g. “you can’t even use network-access APIs for apps in this category” would be a very useful restriction. The other nice thing about this is that Apple would finally be free to not need certain expertise in-house; e.g. if you don’t have enough good people on staff who are qualified to assess the security risks of an app but you can find a trusted 3rd party that can, you can hire them to be that trusted authority and we can stop assuming that Apple is the best at handling everything by itself.
[+] [-] space00|7 years ago|reply
[+] [-] simonbh|7 years ago|reply
[+] [-] jordache|7 years ago|reply
[+] [-] rubicon33|7 years ago|reply
[+] [-] cecja|7 years ago|reply
[+] [-] JoshMnem|7 years ago|reply
https://www.wired.co.uk/article/avg-privacy-policy-browser-s...
https://www.makeuseof.com/tag/antivirus-tracking-youd-surpri...
[+] [-] drb91|7 years ago|reply