Companies like Google and Facebook reward hackers with monetary incentives for finding bugs and security holes in their software. Apple has taken the opposite approach. TG Daily reports that security researcher Charlie Miller was ousted from the iOS developer program after revealing a security flaw in iPhones and iPads. He discovered, and made public, that it’s possible to create an app for the App Store that passes all of Apple’s security sweeps but still downloads malware onto the device and does bad things. His app, called InstaStock and masked as a stock trading app, was able to access photos and contacts as well as make the device vibrate or play sounds, all of which are typically restricted on iOS.
“The user doesn’t know anything’s going on, it just looks like a normal app,” he says. “I can grab any file I want – here is, for example, the address book.”
Unfortunately, though it was necessary for his research, Apple did not take kindly to Miller uploading malware to the App Store. He was booted from the developer program despite the fact that he publicly stated that his app was for research and warned Apple of the hole in their system.
“OMG, Apple just kicked me out of the iOS Developer program. That’s so rude!” said Miller on Twitter. “First they give researchers access to developer programs (although I paid for mine), then they kick them out…for doing research. I thought they’d just remove the app and we’d still be friends.”
Apple has not commented on the situation.
- Apple iOS 11.2.2 update offers a fix to the Spectre security vulnerability
- iOS 12 and new MacOS may let Mac users download iPad apps
- Common iOS 11 problems and advice on how to handle them
- Music junkie? Here are the 25 best music apps for consuming and creating tunes
- Here’s how to enroll in the iOS beta program to get updates early