In yet another abuse of the enterprise distribution program, security analyst Lookout has identified apps (via TechCrunch) that were pretending to be published by cell carriers in Italy and Turkmenistan. The apps were available for iPhone users to download through Safari as they were signed by an enterprise certificate. These apps used carrier branding and pretended to offer utilities for the users’ cell plans when in reality they would ask for every permission they could to track location, collect contact, photos, and more, and had the capability to listen in on users’ phone conversations.
Apps using enterprise certificates are not available through the App Store, but malicious criminals can target iOS users through Safari (perhaps with a phishing attack-esque email) and get people to download the app over the web, outside of the purview of the App Store review process.
more…