14 DAY TRIAL // Unofficial apps stores that target users of non-jailbroken iOS devices have expanded their presence from the Chinese market and are now targeting users from multiple countries.
The reason why third-party hosted app stores exist is because Apple and Google strictly moderate, check, and approve every app they list on their stores.
Users who want to download and install applications that are clones of popular paid apps, are piracy-related, or show adult material, usually have to go to the app maker's website or unofficial app stores.
Third-party app stores abusing certificates to fake their real origin
While installing non-signed apps in Android is as easy as pressing a button, in iOS, if the device wasn't jailbroken (rooted), this process takes users through different steps. This process is also called app side-loading and was tolerated by Apple because some companies that deal with sensitive information needed a way to install apps from outside the original App Store.
The way Apple allows this is by specially issued certificates used to sign the side-loaded apps, and verify their source.
In the past, there have existed multiple unofficial iOS app stores that have used these certificates to power their business. They acquire the certificates from the underground black market, they steal certificates from legitimate businesses or register with Apple as a fake company themselves.
vShare expands to a broader audience
According to Proofpoint researchers, an unofficial app store called vShare, that originally operated only in China, has opened its doors to worldwide users, serving up to 15,000 iOS apps and over 400,000 Android apps.
Proofpoint claims that the website often changes certificates used to validate the apps it installs on its customer's devices to avoid being taken down by Apple.
Despite Apple making the process of side-loading apps much harder in iOS 9, not all users follow its advice and download potentially malicious applications. The cyber-security vendor urges users not to download apps from this store and other similar ones.
iOS app stores targeting users with non-jailbroken devices
Many iOS users mistakenly think that if their device is not jailbroken, they are safe from dangerous applications. Users should know that the only thing that distinguishes Apple from these other stores is its app review process.
The danger for iOS users is inside an application's code, not the fact that the device has or has not been jailbroken. The iOS operating system comes with powerful APIs that allow applications access to powerful functions that control the OS's behavior. It's only because of Apple's review process that these APIs are only used by trusted apps.
Apps coming from unofficial app stores could contain malicious code that could exploit these iOS API functions and in tandem with security vulnerabilities, infect the device with malware that has wide-reaching capabilities.
Even if users are using non-jailbroken devices, they should not side-load applications with a false sense of security, that Apple will protect them.
The Chinese Internet is like a walled garden and some Chinese websites often get away with things that western companies could never do. We'll now see if vShare's expansion has put the site on Apple's radar, and if Apple will manage to blacklist all its certificates faster than vShare can get new ones.
