Immediately after spyware-maker Connexxa’s infamous app “Assistenza SIM” was caught abusing the iOS enterprise certificate to bypass Apple’s App Store guidelines, the iPhone-maker revoked its enterprise certificate, making it impossible to install on iOS devices.
Security researchers at the US-based IT security company Lookout revealed that the app could steal contacts, videos, photos and real-time location data from users’ devices and tap their phone calls as well, The Verge reported on Monday.
The iOS enterprise certificate, which is otherwise meant “solely for the internal distribution of apps within an organisation”, allowed the “Assistenza” app to bypass Apple’s certification and stay accessible for download through phishing sites outside the App Store.
Details on exactly how many users were targeted by the app and how much information was accessed remain undisclosed.
In 2018, the app was discovered on Android with root access to the smartphones of several users.
Before the app was brought to Google’s notice and removed from the Play Store, the spyware developers could read Wi-Fi passwords and emails, as well as data from apps like Facebook, Gmail, WhatsApp, Viber and WeChat.
All this time, the developers have been disguising the app as a carrier helpline app from Italian and Turkmenistani mobile operators, one that could help users get in touch with them.
Raising questions about Apple’s pride in its security measures and App Store policies, a bunch of illicit apps that use enterprise certificates offer pirated content, porn, gambling and all kinds of material.
Recently, Facebook drew Apple’s attention when it began paying people to install a “Facebook Research” Virtual Private Network, which collected users’ private phone and web data without their consent.
Google was also found to have been running a similar programme, and in response Apple briefly revoked the certificate used by Google and Facebook to push updates to their apps, the report added.