Developers have shown how downloading an alternative store via Safari on iPhone presents security vulnerabilities allowing users to be tracked and even infect their smartphones with malware.
Clearly, the opening of iOS in Europe after the entry into force of the Digital Markets Act is not easy. It is update 17.4 which introduces it to iPhones in the Old Continent. Among the new features, the one that allows you to install an application store other than the App Store is getting a lot of attention. A seemingly simple idea, but the realization of which seems to have been thought out in a hurry if we are to believe the discoveries of developers Talal Haj Bakry and Tommy Mysk. It only concerns the Safari browsereven in private browsing mode.
The summary of their findings is clear: “our tests show that Apple delivered this feature with catastrophic security and privacy flawss”. In question, the how the request for the installation of an alternative blind is managed. It is based on the use of a piece of program called MarkertPlaceKit.
Imagine that you arrive at a site that offers to download an app store. You click on a button which will trigger a MarkertPlaceKit request. It queries the store server and validates its installation or not. The problem is that any site can trigger such a request. This is where the trouble starts.
Downloading an alternative store via Safari on iPhone can be dangerous
By abusing the process, a site visited from Safari on iPhone can send the unique identifier created during the MarkertPlaceKit request to an alternative app store. By coordinating with several, the latter can easily track the user from site to site, which he should not be able to do. According to the two developers, “cThis is the perfect recipe for a malicious alternative store to track users across different websites. All it has to do is be approved by Apple. History shows that Apple’s review process is very flawed, as many fraudulent apps continue to end up on the App Store“.
There can indeed be malware on the Apple application store, just like on its Android equivalent. Besides, two other flaws discoveries leave the door open toinfection of iPhones with malware which would basically target the MarkertPlaceKit process or the servers of the alternative store. Until Apple fixes these vulnerabilities, Talal Haj Bakry and Tommy Mysk recommend using Brave. The browser incorporates a system preventing tracking described here. It’s already that.
Source: Mysk.blog