In the past couple of weeks, there has been some breathless reporting about how iOS users could now install pirated apps without having to jailbreak their phones. This was made possible by certain Chinese app store-like services.

Some of the reporting has been wondering how this was possible, but anyone with knowledge of iOS enterprise deployments knew what was going on. The same features which allow enterprises to deploy their own custom apps have now been abused to deliver pirated apps to users.

This “newly discovered” method represents one of the methods to get malicious/fake apps onto the iOS devices. However, because the iOS sandbox has not been compromised, what each app can and can’t do is rather limited. The iOS app may try to send out some personal privacy information to external server which creates privacy data leakage problem.

Read the rest of this entry »