Researchers upload malware to Apple app store

Photo courtesy Flickr user VancityAllie

(MoneyWatch) Conventional wisdom holds that while Android's app store is more agile, it is far more susceptible to malware. Apple, on the other hand, screens all the apps headed for iOS, so it's relatively secure.

And that general assessment might still be true, though Georgia Tech recently demonstrated that Apple's app screeners are relatively easy to fool. Indeed, researchers were able to get a particularly nasty example of malware into the store.

A Georgia Tech team created an app that, on first run, appears benign, but quickly reconfigures itself into malware that's capable of steaming contacts and sending emails, taking photos, sending tweets, and even redirecting Chrome to a page with additional malicious software.

The app was approved and landed in the app store. Because, researchers say, the app was only tested for a few short seconds, not long enough for the app to modify itself and reveal its true agenda.

Georgia Tech says that the app was quickly removed from the store by its creators and no one except the team responsible downloaded the app.

Apple has already acknowledged the intrusion and has said that it has made some changes to its processes in response to the Georgia Tech results. That said, the specific processes are confidential, so it's unclear what changes were made.

Perhaps the biggest surprise from this study is the brief amount of time that testers spend with any given app before approving it -- just seconds.

These results don't really change the dynamic between Google Play and the Apple app store, but it is a reminder that no review process is foolproof, and the potential for malware on your devices increases as time goes on. Consider installing anti-malware software on your mobile device, whether it's iOS or Android.

Photo courtesy Flickr user VancityAllie