Before linking an account, be sure the app you’re using is legit.

  • SimpleDev@infosec.pub
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    1 year ago

    I used Apple for the last few years until recently and I can’t say I’ve ever really noticed stuff like apps faking being another app. That’s not to say it doesn’t happen of course.

    I do know the Apple app approval process is definitely more strict than what is required for the Play Store.

    I’m not very experienced with Apple or Android development so I’d be curious to hear from devs that use both platforms as well.

    • ShunkW@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      My experience is from years ago, but the vetting process seemed about the same for both when I was working on an app. The initial publish process takes forever. The update process through Apple was much simpler and that used to be a successful attack vector.

      Since you rarely get feedback from updates, it’s hard to say if Google was as vulnerable, but I’ve heard that the update scheme is still a thing. Publish a legit app then push malicious updates.

      • SimpleDev@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Interesting, thanks for the info!

        I wasn’t aware of the update process being used as an attack vector (if it’s still a thing) gonna have to read up more on that.