Top Pirated App Store for Non-Jailbroken iOS Devices
December 24, 4: Thought to be run by Chinese owners located in Shanghai , the vShare App Market has officially been in operation since and is recognized in some jailbreaking circles as a go-to source for free apps. The service recently gained notoriety for compatibility with non-jailbroken iPhones and iPads running iOS 8 and above. Like other recent pirated app services , vShare is built on Apple’s enterprise licensing technology.
Is Vshare App Legal And Safe To Use?
MDM assessments showed that these devices were not jailbroken. The rogue app store even allows paid apps to be downloaded for free. This analysis focuses on vShare, a rogue app marketplace that has existed for several years serving apps for use on Android devices and on jailbroken iOS devices.
The ability to download iOS apps to non-jailbroken iOS devices from a DarkSideLoader marketplace places consumers and corporate employers at risk. These apps can make use of private iOS APIs to access operating system functions that would not be permitted by apps that have been vetted by Apple for publishing on the official app store.
These apps could also use known or zero-day security vulnerabilities that could lead to devices being jailbroken or granting administrator privileges to these illegitimate apps. The example of Android apps demonstrates the potential of this threat. Proofpoint researchers have studied both the Android and iOS app marketplace that is accessed by the vShare DarkSideLoader marketplace app.
On Android, we have found attempts to root devices, install apps without user permission, and communicate to known malicious sites on the Internet. Circumventing the official Apple app store vetting process makes it possible to download apps that could act as Remote Access Trojans, allowing attackers access to mobile devices of employees when they are active on internal corporate networks. While researchers have previously documented instances of rogue app stores targeting non-jailbroken iOS devices, these marketplaces appeared to be only accessible to devices accessing them from a Chinese IP address.
This technique also makes it possible to load onto the iOS devices configuration profiles that would allow an attacker to configure VPN settings to redirect network traffic to their man-in-the-middle nodes, as well as change various OS settings Fig. An iPhone configuration profile that is installed by vshare app marketplace What is sideloading? Sideloading is the process of downloading and installing apps onto a mobile device from a source that is not an official consumer app store or a valid enterprise app store.
On Android devices this can be done by enabling the settings to download apps from unknown sources in the general device settings.
On iOS devices installing unapproved apps was previously only possible by jailbreaking an iPhone or iPad. However, the DarkSideLoader technique allows sideloading of apps through the use of a fraudulent or stolen enterprise app distribution certificate coupled with app re-signing.
How is it possible to create and operate a DarkSideLoader app store? On Android, downloading apps from unofficial apps stores simply requires that these app stores request that the user enable the ability to download apps from stores other than Google Play. This downloads the com. The app has been signed with an Enterprise App distribution certificate, issued by Apple.
These certificates are normally issued to enterprises that want to operate their own internal app stores for employees. Clicking on a link on a website hosting links to the malicious app store downloads a DarkSideLoader app Fig. In iOS 7 and 8, when the user clicks on the app to run it, they are asked if they want to trust the publisher Fig. Figure 2: Installing the vShare downloader app Figure 3: An enterprise certificate will be installed and trusted on the device, allowing the app to run in iOS.
The app can also download other apps. Figure 4: An enterprise app distribution certificate and the apps that have been installed on an iPad from the rogue marketplace under this certificate On iOS 9, clicking on the app will not bring up the Trust button.
Rather the user must open the Settings app on the iOS device, and click on Profiles. From there they click on the publisher name and select Trust. Recognizing that iOS puts up greater barriers to accidentally downloading apps from DarkSideLoader stores, the rogue app marketplaces provide helpful and easy-to-follow guidance on how to do make the necessary trust settings changes Fig. Figure 5: Instructions to end-user for enabling trust of apps from unofficial app stores Figure 6: Instructions to end-user for enabling trust of apps from unofficial app stores Figure 7: Instructions to end-user for enabling trust of apps from unofficial app stores When the user chooses to download an app from a DarkSideLoader marketplace, the marketplace app downloads the selected illegitimate app to the phone.
The marketplace digitally re-signs the app with the enterprise app distribution certificate. Because that enterprise is trusted on the iOS device, those apps will run just like an app downloaded from the legitimate Apple app store. A rogue app marketplace using the DarkSideLoader technique has implemented a large scale app re-signing capability.
Legitimate games and other apps are decrypted, modified, and re-signed with an enterprise certificate for download by users of the rogue app marketplace. Figure 8 shows the contents of a vShare marketplace app to a non-jailbroken iOS device Fig. Figure 8: If these marketplaces pose such a risk, why would anyone consider downloading apps from them? Experience with Android apps shows that users, or their children, may choose to access a rogue app marketplace in order to download games, wallpaper and other media without paying for them.
They can also access apps that give them access to streamed movies and other content, and productivity apps without payment. There are also apps available that are not available on the legitimate Apple app store, such as for pirating content and downloading BitTorrent files.
The vShare marketplace claims 1M apps are available. Proofpoint has found over 15, iOS apps available through this DarkSideLoader site, compared to over , apps available on their Android side loading service. The site claims over 40M users, and Proofpoint investigations indicate that approximately 25 percent of the users are on iOS devices.
Offering free downloads of popular, paid apps represents an attractive lure to draw people to a DarkSideLoader marketplace and entice them to click. The top-ten paid apps on the Apple App Store are all available for free on the vShare marketplace, including well-known titles such as Minecraft and Geometry Dash. Other popular paid iOS apps offered as free downloads by this market include games such as Grand Theft Auto: San Andreas and Clash of Clans, as well as business productivity apps from publishers including Adobe and Microsoft and apps for pirating movies such as MovieBox.
Figure 9: Apps available from rogue app marketplace Users who access these markets may think that they are safe to download these apps because their mobile devices are not jailbroken and the apps appear to come from reputable publishers. What they do not realize is that these apps could be designed or modified to include malicious code. Fraudulent enterprise app certificates and DarkSideLoader marketplaces There are several ways that rogue marketplaces can obtain an enterprise app distribution certificate.
Fraudulently obtain a certificate by creating a fake company. Operators of DarkSideLoader marketplaces can create a convincing fake company and use a stolen credit card to get a certificate issued. They will need to have a phone number and email address.
Fraudulently obtain a certificate by imitating a real company. In this attack, the operator uses the website information of an existing company to pretend to be an employee of that company, and get Apple to issue an enterprise iOS developer account and enterprise app distribution certificate.
Stolen credit cards can be used to pay the issuance fee. Steal a certificate from a company that has one. In this attack the operator phishes the apple developer website credentials of a company that creates legitimate iOS apps. There are hundreds of thousands of legitimate iOS app developers. When the attacker has the login credentials of an app developer, they can log into their account and either request a new enterprise app distribution certificate, or download a copy of one that already exists.
Several enterprise app certificates are being used by the vShare app marketplace. Previous analysis shows that certificates have typically been from Chinese companies; however, new research shows that fraudulent certificates are now being attributed to companies in other countries. When a new DarkSideLoader marketplace is found, Apple revokes the enterprise app distribution certificate.
This will prevent new users from downloading the marketplace app and subsequent illegitimate apps. Over a period of weeks as iOS devices check certificate revocation lists, the illegitimate apps that they have downloaded will cease to function and they will have to re-download them.
However, we have seen that rogue marketplace operators are able to obtain multiple enterprise app distribution certificates. For example, the vShare marketplace has used numerous certificates in recent months; when these were no longer valid, new ones replaced them. Business drivers for rogue app marketplaces There is a simple reason why rogue app marketplaces exist and are now making it easy for people to download free apps and content using DarkSideLoader techniques: These app stores make money by showing advertisements to users.
One such service is VEarnDollar. Another option could be for these stores to embed malicious code, such as remote access Trojans, into otherwise legitimate apps and sell that access to attackers who want to infiltrate enterprises or government agencies.
In fact, analysis of the vShare marketplace for Android has already shown apps trying to root devices and install other apps without permission. Since they have operated in marketplaces distributing apps for jailbroken and rooted devices. The ability to offer app downloads to non-jailbroken devices through enterprise signing certificates substantially expands their marketplace presence.
The marketplace domain has been registered for more than seven years, but traded among owners. The current owners have been on this domain since October 14, We believe that the domain was transferred to a Chinese intermediary in May This intermediary waited over one year before transferring the domain to the current operators of an active DarkSideLoading marketplace in mid-October The person who is listed as the contact for vshare[.
The vshare[. In short, consumers should not trust or use rogue app marketplaces, even with non-jailbroken iOS devices. Enterprises should deploy purpose-built solutions that can detect the presence of apps from DarkSideLoader marketplaces.
Scanning the legitimacy of apps, looking for rogue app marketplace downloaders, and scanning for known DarkSideLoader enterprise certificates are the most effect means of limiting the potential impact of rogue apps in enterprise environments.
Join Us on Facebook :
Pinterest Nowadays, smartphones and tablets are the most useful tools, as they help us communicate with each other, entertain ourselves, access the Internet at any time, and even learn. However, to do all that, we need apps, and, while the majority of apps are available for free, some of the most interesting applications for both Android and iOS are coming for a price. For many people, paying for apps is too much. Luckily, on Android and iOS, there is an app that allows us to install paid apps for free — Vshare. But, one question arises here — Is Vshare App legal and safe to use? As mentioned above, Vshare is useful for installing paid apps for free.
VIDEO: Apple quirk lets pirates build a giant store of fake iPhone apps
TuTuApp is an app designed for Android and iOS devices which let you No jailbreak required; Safe to download and use; Choose from millions of Vshare is the best app for downloading the hacked app. if you know that. vShare is one of the original app installers, one that was first available through Cydia put it through some pretty rigorous testing to make sure it was safe to use . The threat of pirated apps from rogue app stores for your iPhone or iPad apps on the store have largely been seen as safe to download due to Apple’s One such rogue marketplace quoted in the research is vShare, the top.