Apple bans benign iOS spyware detection, security info app

Cupertino says 'potentially false data' could come from tool reporting on running processes

Apple has punted hacker Stefan Esser's app designed to highlight the security posture and running processes on iOS devices.

The app, System and Security Info, shows detailed data on a device's security state, including possible anomalies such as injected libraries, the state of code-signing and App Store binary encryption, and a breakdown of any installed jailbreak.

Cupertino wrote in a message to Esser (@i0n1c) that his app was torpedoed from the App Store because it "provides potentially inaccurate and misleading diagnostic functionality for iOS devices".

"Currently, there is no publicly available infrastructure to support iOS diagnostic analysis," Apple wrote.

"Therefore your app may report inaccurate information which could mislead or confuse your users."

Esser says it amounts to Apple not wanting to give "the impression iOS could have security holes".

App features:
  • CPU usage
  • Memory usage
  • Disk usage
  • Process list
  • Inspect running apps: SHA1 Hash, Signature, Entitlements
  • Jailbreak detection
  • Security anomaly detection
  • Malware detection

Esser, of German consultancy SektionEins, says the app was the only one on the App Store capable of showing running processes in iOS 9, adding that it is capable of spotting iOS spyware that relies on modified public jailbreaks.

"The chance of detecting one of those is therefore high," Esser says.

The app did not exfiltrate data from devices.

Apple takes a hard line on security in an attempt to prevent tampering, so it may be unsurprising that the app was taken down. ®

