93% of Top Apps Vulnerable to Repackaging Attacks

In alignment with new EU regulations, Apple is introducing the capability for the installation of applications from third-party sources, a move that has raised concerns among experts following the publication of a report on the security of iOS applications.

In its report, Promon examined the resilience of iOS applications against repackaging attacks, in which an attacker modifies an app for unauthorized execution on devices. The study covered the 100 most downloaded apps worldwide, whose cumulative downloads surpassed 4.7 billion over the past year.

The findings revealed that, of the 100 apps, 93 (93%) launched in repackaged form. Of the 7 (7%) that did not launch, 2 crashed for reasons unrelated to repackaging detection. The remaining 5 crashed for undetermined reasons, which may include repackaging detection.

Promon cautions that the introduction of sideloading on iOS opens vast avenues for a new wave of malware, Trojans, and counterfeit applications. Promon emphasizes the need for Apple to bolster app repackaging prevention strategies to minimize the proliferation of fake applications.

The report also highlights that the encryption of apps distributed through the App Store can be relatively easily circumvented. An attacker simply needs to run an encrypted app on a device, after which they can extract and modify its unencrypted contents. This underscores that decrypting applications remains feasible on modern versions of iOS, and the report calls on developers not to rely solely on the App Store’s DRM as the primary means of app protection.

Given all the changes and potential threats, Apple users in the EU should exercise caution, meticulously selecting apps for download, deleting unnecessary ones, and promptly installing the latest iOS updates to mitigate security vulnerabilities.

Under the European Digital Markets Act (DMA), Apple is mandated to allow, by March 5, 2024, the use of third-party app stores or the installation of apps bypassing the App Store. The DMA is legislation aimed at curbing the monopoly of tech giants. Its goal is to enhance competition in the sector by eliminating some of the dominant players’ advantages and making it easier for startups to compete.