Check your iPhone now
It says something for Apple’s reputation that a new warning of malicious App Store apps caused such a furor. As I reported Tuesday, iPhone apps were caught stealing photos and sending them back to their handlers. Kaspersky, which raised the spyware alarm, noted “this was the first time a stealer had been found in Apple’s App Store.”
More apps infected with the same malware were found in Android’s Play Store, but Apple was the story as it was seen as a rarity. Apple has confirmed the 11 dangerous apps have been removed from its App Store. But this isn’t as new as it might seem. The same dangerous code was found in a further 89 apps removed or rejected in the past — those developers have been banned. This should be a wake-up call for anyone assuming Apple alone is safeguarding your phone and your data — you need to do your bit as well.
While Google’s Play Store report was widely picked up last week, Apple’s policing of its own store was also detailed last year. Google “prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps,” and Apple’s stats are no less stark an illustration of today’s threat landscape.
Some 2 million apps were rejected for failing to meet Apple’s policy hurdles on privacy and security, or for peddling spam, or for potentially fraudulent activities in 2023. Just as with SparkCat, the crypto-stealing, photo-reading malware found by Kaspersky, the best way to stay safe is to focus more on the permissions you grant the apps you install.
It’s remarkably easy to police this on your iPhone — and you should do this now for the sake of five minutes. Search for “App Privacy Report” on your home screen, and then take a whirlwind tour of all the ways you’re being tracked by the apps you use and the websites you visit. I’m sure most of you have never opened this report. Do so now.
At the top you can see which apps have accessed sensitive data and sensors on your iPhone — for example your location, contacts, camera, microphone, and your photos of course. You can see how often this took place and even time stamps. You can also see how often each app connected with a third-party platform or service — for which you can read data harvesting. You can see the trackers being used and there is also a check as to when you’re tracked between apps. All this data requires you to have this report enabled — you certainly should, and you do so from that same settings page.
Just for fun, the report will also show the most active tracking domains. Spoiler alert — most of the top ones will likely belong to Google or Meta/Facebook. If you see an app with unusually nosy behavior, consider just deleting it.
Apple says the “App Privacy Report is designed to give you more visibility into how apps access your data. If an app appears to be accessing your data in a way or at a time that you didn’t expect, you can update your privacy settings or revoke permission,” and you should also do that. If there is a rogue app on your iPhone going where it shouldn’t, this is a start to finding out. It will also help you keep in mind the regular warnings we give as to the data being collected from your phone each and every day.
As for SparkCat and the non-zero risk that iPhone apps might be dangerous, the same golden rules apply to iPhones as to Androids. Don’t install lots of trivial apps you don’t need; be wary of the permissions you grant; and delete apps once you stop using them. Every app is a potential data leak from your phone — the fewer the better.