A China-based third-party app store has found a way to distribute repackaged iOS apps

Trend Micro, an IT security company, has discovered a China-based third-party app store that has found a way to distribute repackaged iOS apps. Haima abuses the Apple Developer Enterprise Program by feigning it’s an enterprise, which allows it to bypass the App Store's rigorous security controls and distribute iOS apps without undergoing Apple’s standard vetting and certification process.

In a span of two weeks, Haima already used five different enterprise certificates to distribute its repackaged apps.

In a span of two weeks, Haima already used five different enterprise certificates to distribute its repackaged apps.

This blog post by Trend Micro explains how Haima promotes repackaged versions of legitimate apps, including Pokémon Go and Instagram, on social media channels to entice trusting users to download the app outside of the official App Store. These apps have been found to inject fake location data, consume the user’s mobile data or expose personal information using adware.

Users are recommended to exercise caution when downloading apps from these app marketplaces, and to install apps only from the official Apple App Store. As repackaged apps can also carry malicious content, organizations are recommended to implement security awareness policies to prevent further distribution of these apps, such as blocking unapproved app stores and safeguarding personal devices used in workplaces.

To deter scammers from cracking and repackaging their apps, Trend Micro recommends that iOS app developers can employ mechanisms such as multi-pass checks, malformed Mach-O binaries, and code obfuscation. Developers can also implement validation of client code signature, which can help keep sensitive information from being leaked.