Apple Removes Apps That Expose Encrypted Traffic

2015-10-09T14:23:12
ID THREATPOST:192EB5F12113ABB223BD43204741341E
Type threatpost
Reporter Michael Mimoso
Modified 2015-10-19T13:18:01

Description

Apple has purged its App Store of a number of apps that expose encrypted traffic via the installation of root certificates. Apple has declined to name the apps.

“Apple has removed a few apps from the App Store that install root certificates that could allow monitoring of data,” Apple said today in a statement on its website. “This monitoring could be used to compromise SSL/TLS security solutions.”

A request to Apple for further comment was not returned in time for publication.

Apple also suggested that, in addition to deleting the apps in question, users should delete the apps’ respective configuration profiles.

The offending apps not only installed root certificates; some of those removed reportedly also provided ad-blocking capabilities in Safari and in other apps such as Facebook.

One of the apps is apparently Been Choice, which uses the root certificate it installs to block ads inside other apps.

> Been's Choice app was pulled from the App Store. We'll remove ad blocking for FB, Google, Yahoo, and Pinterest apps <http://t.co/5tMWWMgSOK>
>
> — Been® Choice (@beenchoice) October 9, 2015

The app’s behavior, however, is similar to how Lenovo’s pre-installed Superfish utility facilitated man-in-the-middle attacks. In the case of Been Choice and the other apps pulled today, the installed root certificate lets the app intercept SSL/TLS connections, putting supposedly secure data at risk of attack.

Apple, meanwhile, has introduced its Content Blocker app extension in iOS 9 and in El Capitan for OS X. If enabled, the extension blocks ads and many other content types from being displayed in the browser.