Apple on Masque Attack: 'just use the App Store'

Earlier this week, we told you about Masque Attack, which let hackers sideload apps onto your iDevices. Often without you even realizing it, an app was loaded, and scary people somewhere else could gain access to your information. The app loaded may not have even been the app you were looking for when you followed the link, either. Now, Apple has issued a response to the report. We gotta say, it's about what you'd expect from Apple, and full of common sense, too.

A quick refresher about Masque Attack: it's only going to affect you if you do the wrong things. Typically, a user is sent an SMS about something neat, like a game. That message has a link, which a user may follow. In clicking the link, an app — possibly not even the game or whatever you were looking to get — may be downloaded. In the example given, a Gmail app was spoofed, leaving you using a bootleg Gmail app that gave up all kinds of info.

Speaking to iMore, apple had the following to say:

We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website.

Apple says they're not aware of any users who have actually been affected, but Masque Attack was meant for just that purpose. It might not be recognized by the user or device if something was going on behind the scenes.

Those of you on iOS might be new to this kind of thing, but it's another page you can pinch from the Android playbook. If you get some weird text message about an app, don't click the link. Also, don't visit weird app portals. Download all your stuff from the App Store, and you'll be fine.

Via: iMore