A few hours ago, Russian security firm Kaspersky Lab reported that it had discovered a malware app called Find and Call in Apple’s App Store and Google Play. The app uploads users’ contacts to the developer’s servers; those contacts are in turn used to send text messages asking the recipients to download the app, with the original user’s mobile phone number in the “From” field.
Kaspersky reported earlier today:
“Malware in the Google Play is nothing new but it’s the first case that we’ve seen malware in the Apple App Store. It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago. But the main issue here is user’s privacy again. It’s not for the first time when we see incidents related to user’s personal data and its leakage. And it’s for the first time when we have confirmed case of malicious usage of such data.”
As MacRumors points out, though the app was available around the world, it would have affected Russian users due to its use of the Russian language in the app description.
It looks like Apple has removed the app from the App Store, as clicking the direct App Store link in various countries now gives an error message.
Though apps that access Contacts will need to get explicit user permission in iOS 6, we’re not sure how it will prevent such issues.
Apple will probably have to change the way it does app reviews to be able to catch such malicious apps.
Apple has responded to The Loop about the removal of the malicious spam app:
“The Find & Call app has been removed from the App Store due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines,” an Apple representative told The Loop.