This new iOS tool could be a malware nightmare for iPhone users — how to stay safe
Sideloading iPhone apps just got easier but they could infect your device with malware
A new iOS tool called TrollStore makes it easier to get apps onto your iPhone, even if they're not from Apple's App Store. At the same time, it could finally allow cybercriminals to break into Apple’s walled garden and distribute malware to iPhones.
According to a blog post from the mobile app security firm Guardsquare, TrollStore enables users to permanently install any app onto a non-jailbroken iPhone. While TrollStore easily allows iPhone users to install modded apps, cybercriminals could also leverage it to add malicious code to these apps.
First released at the beginning of September, TrollStore uses two recently discovered iOS vulnerabilities (tracked as CVE-2022-26766 and CVE-2021-30937) to gain root privileges on an iPhone and sign modified applications.
Fortunately, both vulnerabilities have since been patched and upgrading to iOS 16 can help you avoid falling victim to any possible attacks. At the same time, TrollStore has the potential to wreak havoc on older iPhones and iPads that haven’t yet been updated with the latest software from Apple.
Sideloading apps on iOS
With one of the best Android phones, it has always been possible to sideload apps by downloading and installing an APK file. While this can be convenient for organizations that develop and distribute custom apps to their employees, sideloading apps can be quite dangerous for ordinary users.
Sideloading apps on iOS has always been much more difficult due to Apple’s policies which is why jailbreaking exists. When you jailbreak an iPhone, you gain full access to the root of the phone's operating system and are able to access all of its features. This includes being able to install apps that are not on the App Store.
The reason TrollStore will likely be popular is due to the fact that it enables users to install modified apps without having to jailbreak their devices. However, this also makes things more difficult for app developers who often use jailbreak detection to ensure their apps aren’t repackaged by an attacker.
Sign up now to get the best Black Friday deals!
Discover the hottest deals, best product picks and the latest tech news from our experts at Tom’s Guide.
How to stay safe from modified iPhone apps
As we mentioned above, the easiest way to stay safe from modified iPhone apps is by updating your devices to the latest version of iOS. In order to work, TrollStore uses two iOS vulnerabilities that were patched with the release of iOS 15.2 and 15.5.
Even if you only download apps from the App Store, you could accidentally download a modified IPA file and install it on your iPhone the way you would with an APK file on Android. By upgrading to iOS 16 though, you won’t be able to install the file on your device.
Although you may know the dangers of downloading and installing third party apps from unknown sources, your children may not. For this reason, you also could consider adding one of the best parental control apps to their devices so that you can know exactly what they’re downloading online.
Now that TrollStore has been released for iOS 14-15.4.1, the tool’s creators are likely already looking for new vulnerabilities in order to bring their unofficial app store to even more Apple devices.
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.
-
Shadow6ice Hahaha in all my jailbreaking years never had a prob installing a 3rd party ipa now that I’m not Jailbroken I’ll continue to install whatever I please it’s my phone and I know I’m in no danger thank you very much also your post is terribleReply