Only a few weeks ago, Apple quietly removed its traditional imperviousness to computer viruses from its “Why you’ll love a Mac” webpage. Until fairly recently, the fact that Apple products have largely avoided viral infections has been a major selling point, but its booming popularity both on the desktop and in mobile tech have left it increasingly vulnerable to digital misdeeds. And in spite of the many measures Apple takes to protect its app store from malware, last week one malicious app made its way past the goalie and became available to customers: Find and Call.
According to the security firm Kaspersky, Find and Call originated in Russia and is a Trojan that uploads a user’s phonebook to a remote server. When the app is opened for the first time, users sign in with an e-mail address and cell phone number, after which they’re asked to “find friends in a phone book.” The app then discreetly uploads contact data, and sends everyone in the user’s phone book a text message which reads: “Now I’m here and it’s easier to reach me with the help of a free application,” and contains a link to download the app. Naturally the text message in question appears to come from a trusted source.
This isn’t the first time Apple’s had issues with apps uploading private data in the background, though this is the first time it’s been done maliciously. As a result of both this and previous controversies concerning unapproved uploads, Apple announced that in a future update of iOS it will oblige apps to acquire explicit permission from users before it can access and upload a user’s data.
Of course, Find and Call can’t empty your bank accounts or steal your credit card numbers or sell your social security number, but malware is malware and the fact that this particular app made it past Apple’s gatekeepers is at least slightly settling. In any event, the best course is to remain vigilant: before downloading an app, read the reviews and check out other apps produced by the same company. Better safe than sorry!