maemo.org - Talk


aanckar 2010-07-22 15:47

Tricking Apple with disguised apps
 
It's stories like this that make me love my N900 and Maemo even more and more.

http://gizmodo.com/5592521/how-a-guy...-tethering-app

One could think that when people take measures like these they should perhaps consider another device altogether...

ossipena 2010-07-22 15:59

Re: Tricking Apple with disguised apps
 
how can something like that slip through testing? does apple have worse QA than maemo extras? :D

Tiboric 2010-07-22 16:09

Re: Tricking Apple with disguised apps
 
That's pretty cool on his part. :D

aanckar 2010-07-22 16:10

Re: Tricking Apple with disguised apps
 
Well, apparently you had to press the colors blue, yellow, red (in sequence) to activate the true app. Perhaps not very easy to discover, I guess. I'm also guessing Apple QA doesn't really lay that much effort into testing another flashlight app.

ossipena 2010-07-23 04:56

Re: Tricking Apple with disguised apps
 
Quote:

Originally Posted by aanckar (Post 761006)
I'm also guessing Apple QA doesn't really lay that much effort into testing another flashlight app.

I'd bet the same horse too.

But aren't you seeing some massive security issues with "another [insertsomecommonapplicationhere] app"? Where are the boundaries if the kid could alter system settings?

I hope for everyone's sake that there are automated tools to check each app for malware....

kureyon 2010-07-23 05:41

Re: Tricking Apple with disguised apps
 
My understanding is that automated code scanning is part of the testing they do for each app.

More importantly, why did they even approve such a seemingly pointless app? I'm sure the iphone has no shortage of such apps.

ysss 2010-07-23 05:48

Re: Tricking Apple with disguised apps
 
Quote:

Originally Posted by kureyon (Post 761738)
More importantly, why did they even approve such a seemingly pointless app?

On what ground should it be rejected?

kureyon 2010-07-23 06:06

Re: Tricking Apple with disguised apps
 
Quote:

Originally Posted by ysss (Post 761742)
On what ground should it be rejected?

What I said:

Quote:

I'm sure the iphone has no shortage of such apps.

Apple's app approval procedure is far from transparent or consistent, but similarity to already approved apps has been used to reject apps before. But the bottom line is Apple can reject apps because they can. Unless the app they reject comes from Google and Google wouldn't accept the rejection without a fight and Apple eventually backed down :cool:

Duffer 2010-07-23 06:11

Re: Tricking Apple with disguised apps
 
Just out of interest, I know it's open source but could this happen to N900 apps, does the code get checked in new applications?

Could anything (malicious?) slip in by obscurification?

Could the 'compiled' version on extras differ from the source code made available? What checks are in place?

Not trying to be funny, just interested!

ossipena 2010-07-23 06:22

Re: Tricking Apple with disguised apps
 
Quote:

Originally Posted by Duffer (Post 761759)
Just out of interest, I know it's open source but could this happen to N900 apps, does the code get checked in new applications?

Could anything (malicious?) slip in by obscurification?

Could the 'compiled' version on extras differ from the source code made available? What checks are in place?

Not trying to be funny, just interested!

first things first: there are no sources for every package available.

http://wiki.maemo.org/Help_testing_software

ysss 2010-07-23 06:27

Re: Tricking Apple with disguised apps
 
Quote:

Originally Posted by kureyon (Post 761752)
What I said:



Apple's app approval procedure is far from transparent or consistent, but similarity to already approved apps has been used to reject apps before. But the bottom line is Apple can reject apps because they can. Unless the app they reject comes from Google and Google wouldn't accept the rejection without a fight and Apple eventually backed down :cool:

I understand if people like to rant against Apple due to Apple's popularity/success/failure/style/etc; I'm just amused when they change their tune all the time and contradict themselves to suit the flavor of the day.

There's no shortage of rants against Apple's 'censorship' in the AppStore approval policy. <implying hardship to get into the AppStore; limiting the selection/quantity?>

There's also no shortage of rants against the sheer number of apps in Apple's AppStore.

So which is it?

On a serious point; if this thing happens in Ovi Store (or maemo/MeeGo repos), how should the crufts be 'censored' so they don't see the light of day and unnecessarily 'bloat the apps numbers'.

aanckar 2010-07-23 06:28

Re: Tricking Apple with disguised apps
 
Quote:

Originally Posted by Duffer (Post 761759)
Just out of interest, I know it's open source but could this happen to N900 apps, does the code get checked in new applications?

Could anything (malicious?) slip in by obscurification?

Could the 'compiled' version on extras differ from the source code made available? What checks are in place?

Not trying to be funny, just interested!

Here you can see for yourself what is tested.

tswindell 2010-07-23 06:30

Re: Tricking Apple with disguised apps
 
Unless the app is non-free the source is the same, once uploaded into extras-devel auto builder you can't modify the code for that version at all as it goes through our QA process.

The code is usually looked at by those of us that are curious. That being said, it is always a possibility. I'm sure any issues would be found out quite soon and we don't deny apps, even if your mobile operator might have issue with it.

The iPhone and the ability to tether to an external source is something of a damaging app as Apple tell operators to charge an extra dataplan charge for that service (for some unknown reason) ...

Even if you don't understand programming, you're also free to look at the code yourself. I'm sure even a non-programmer would be able to see something nefarious.

ysss 2010-07-23 06:33

Re: Tricking Apple with disguised apps
 
Unless packages are uploaded as src to an autobuild+package facility, is there a quick and simple way to verify that the binaries submitted are built from the referenced sources?

maxximuscool 2010-07-23 06:41

Re: Tricking Apple with disguised apps
 
LOL watched this and laughed my arse off.

*Nobody want to hear it from a black guy* LOL


http://www.youtube.com/watch?v=VMl_7...layer_embedded

* I literally blew away from the phone *

http://www.youtube.com/watch?v=CMLKd...eature=related

te37v 2010-07-23 07:57

Re: Tricking Apple with disguised apps
 
@maxximus: haha YES! those vids were funny

GameboyRMH 2010-07-23 13:04

Re: Tricking Apple with disguised apps
 
Huh, so they don't examine the source? I'm surprised the app store hasn't been overrun with malware in that case.

Joorin 2010-07-23 13:12

Re: Tricking Apple with disguised apps
 
Quote:

Originally Posted by ysss (Post 761779)
Unless packages are uploaded as src to an autobuild+package facility, is there a quick and simple way to verify that the binaries submitted are built from the referenced sources?

I'm not really sure if I understand your question but if you're asking if there is a way to link a specific source to a specific binary, the general answer is "No".

An easy way to handle this is for the creator to compile it, make a hash (MD5, SHA1) and publish it together with the source code. This is often used to check that packages that are to be installed came through download intact.

Then you can yourself check the binary that you've downloaded.

But, keep in mind that you need to trust the hash maker and that the same source can be compiled differently, but correctly, by two different compilers.
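
Added example, not part of the post above or of any Maemo tooling: a sketch of the published-hash check and of the caveat that the same source can legitimately yield different binaries, using a tar.gz archive as a stand-in for "compile and package". The sample source tree, build times and function names are constructed for illustration, and SHA-256 is used in place of the MD5/SHA1 mentioned in the post.

```python
import gzip, hashlib, hmac, io, tarfile

# Constructed sample source tree (file name -> contents); not a real package.
SOURCE = {
    "flashlight/main.c": b"int main(void) { return 0; }\n",
    "flashlight/README": b"demo flashlight app\n",
}

def build_package(source, build_time, reproducible=False):
    """Stand-in for compile+package: archive the source as .tar.gz.

    A naive build stamps the build time into the tar and gzip headers;
    a reproducible build pins the timestamps and the file order."""
    stamp = 0 if reproducible else build_time
    names = sorted(source) if reproducible else list(source)
    tar_bytes = io.BytesIO()
    with tarfile.open(fileobj=tar_bytes, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(source[name])
            info.mtime = stamp
            tar.addfile(info, io.BytesIO(source[name]))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=stamp) as gz:
        gz.write(tar_bytes.getvalue())
    return out.getvalue()

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def matches_published(blob, published_hex):
    """Integrity check of a downloaded file against the publisher's hash."""
    return hmac.compare_digest(digest(blob), published_hex)

def rebuild_matches(source, published_hex, build_time, reproducible):
    """Can an independent rebuild of `source` reproduce the published hash?"""
    rebuilt = build_package(source, build_time, reproducible)
    return matches_published(rebuilt, published_hex)

if __name__ == "__main__":
    t_pub, t_me = 1279890000, 1279893600  # constructed build times
    naive = build_package(SOURCE, t_pub)
    print("download intact:", matches_published(naive, digest(naive)))
    print("naive rebuild matches:",
          rebuild_matches(SOURCE, digest(naive), t_me, False))
    pinned = digest(build_package(SOURCE, t_pub, reproducible=True))
    print("reproducible rebuild matches:",
          rebuild_matches(SOURCE, pinned, t_me, True))
```

A matching hash on the downloaded file only shows it is the file the publisher hashed; linking it to the source needs a build whose output is byte-for-byte repeatable, which is what the `reproducible` flag models here.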

Flandry 2010-07-23 13:16

Re: Tricking Apple with disguised apps
 
The comments to that blog post are tragicomical. They remind me of the brainwashed citizens of the USSR that came to visit, closely monitored, as part of an international dance festival. They really couldn't believe that there was more freedom outside the "wall"...or that the supermarkets weren't massive PR hoaxes to fool them...etc.

kureyon 2010-07-23 15:04

Re: Tricking Apple with disguised apps
 
Quote:

Originally Posted by ysss (Post 761772)
There's no shortage of rants against Apple's 'censorship' in the AppStore approval policy. <implying hardship to get into the AppStore; limiting the selection/quantity?>

Censorship does not imply limiting the quantity. My point is that Apple has a very fickle app approval policy that is non-transparent ...

Quote:

So which is it?

Indeed. It seems whether an app is approved or not depends on which side of bed Jobs got out and what he had for breakfast the week before.

ossipena 2010-07-23 15:15

Re: Tricking Apple with disguised apps
 
it is pretty good to notice that some people are also concerned about M5 software and security. a while ago there was massive havoc of questions how to install an app downloaded from www.porn.warez.ru -kind of places...

daperl 2010-07-23 15:28

Re: Tricking Apple with disguised apps
 
@ysss

This is truly apples and oranges. There is no need for subterfuge anywhere else but the App Store because every other platform gives you repository choices. And thus, this wouldn't be news anywhere else except at Apple's app store.

ysss 2010-07-29 07:38

Re: Tricking Apple with disguised apps
 
Android's turn... this one sounds quite a bit more malicious:

http://www.ubergizmo.com/15/archives...onal_data.html

Quote:

Malicious Android Wallpaper App Collects Your Personal Data
Posted on Jul 28, 10 11:46 PM PDT


Android users who have been regularly downloading apps from the Android Market might want to take note, as mobile security firm Lookout claims that a malicious app has been downloaded from the Android Market by millions of users.

The app, developed by Jackeey Wallpaper, seems fairly innocent, and offers a variety of wallpapers for the user, but aside from that, it also quietly collects information such as SIM card numbers, text messages, subscriber identification, and voicemail passwords, all of which is sent to www.imnet.us, a site that is linked to Shenzhen, China.

The app's behavior was discovered as part of Lookout's App Genome Project, which aims to study content on Android and iPhone apps. Hopefully Google will take note of this and maybe take some steps to resolve the issue and prevent similar incidents in the future.

