Apple can’t stop the spread of malware

Bloomberg

Apple can’t protect users if they download apps from third-party sources.

NEW YORK (MarketWatch) — A new family of malware found in unauthorized mobile applications threatens Apple Inc. devices in China and other emerging markets, underscoring the risk of downloading apps for smartphones and tablets from third-party sources.

Apple AAPL, +0.05%  told MarketWatch Thursday that it has blocked the infected apps, which include popular games such as Sims 3 and Angry Birds. However, the black market for pirated apps is extensive, and that makes it very difficult for the tech behemoth — or anyone for that matter — to keep a lid on it.

Third-party applications don’t pose as much of a threat in the U.S. and other Western countries where Apple users tend to be loyal to the Apple App Store. But it has become a problem in emerging markets, where incidents of malware originating from third-party sites tend to be much higher.

This is because Apple users in emerging markets try to save money by purchasing unlicensed apps, or seeking apps that do not follow Apple’s iOS protocol, said CyberSponse CEO Joe Loomis. Pirated versions of apps from the official Apple App Store are often available for free on third-party sites.

Quashing the malware problem is difficult, said Ryan Olson, intelligence director at cyber security company Palo Alto Networks PANW, +3.05% because anyone can upload apps to third-party sites. Some of those sites can be trusted, he said, while others host pirated material and are far less secure. It’s difficult for major tech companies like Apple and Google Inc. GOOGL, -0.63%  to keep track of such sites.

Despite warning users about the dangers of downloading any files, including apps, from unaffiliated third-party sources, Olson said Apple and Google “can’t really stop” the spread of malware if users continue to download from unaffiliated sites.

“As always, we recommend that users download and install software from trusted sources,” an Apple spokesperson said in an email to MarketWatch on Thursday.

US:AAPL

$60$80$100$120

All 467 of the Apple-compatible apps uploaded to the Chinese Maiyadi App Store from April 30 to June 11 were infected with a new type of malware dubbed WireLurker, according to Palo Alto Networks, which exposed China’s malware problem in a 30-page report published Wednesday night.

Those infected apps were downloaded tens of thousands of times from Maiyadi, a third-party site, by Apple users during a two-week test period earlier this year, Palo Alto Networks said.

Apple and other tech companies will try to shut these sites down, Loomis said, but doing so is difficult because sites that engage in piracy are usually based overseas.

In fact, nearly all cases of iPhone malware have derived from third-party app stores, particularly one known as Cydia, said Greg Martin, founder and chief tech officer of ThreatStream.

Cydia is a third-party app store run by SaurikIT that is targeted toward “jailbroken” phones, or those devices whose operating systems have been cracked into by users, often so that they can personalize and customize their iPhones and add their own software.

Cydia calls itself an “alternative” to the Apple App Store. However, jailbreaking violates Apple’s terms of service and voids the device’s warranty.