This new iOS tool could be a malware nightmare for iPhone users — how to stay safe

A new iOS tool called TrollStore makes it easier to get apps onto your iPhone, even if they're not from Apple's App Store. At the same time, it could finally allow cybercriminals to break into Apple’s walled garden and distribute malware to iPhones.

According to a blog post from the mobile app security firm Guardsquare, TrollStore enables users to permanently install any app onto a non-jailbroken iPhone. While TrollStore easily allows iPhone users to install modded apps, cybercriminals could also leverage it to add malicious code to these apps.

First released at the beginning of September, TrollStore uses two recently discovered iOS vulnerabilities (tracked as CVE-2022-26766 and CVE-2021-30937) to gain root privileges on an iPhone and sign modified applications.

Fortunately, both vulnerabilities have since been patched and upgrading to iOS 16 can help you avoid falling victim to any possible attacks. At the same time, TrollStore has the potential to wreak havoc on older iPhones and iPads that haven’t yet been updated with the latest software from Apple.

Sideloading apps on iOS

With one of the best Android phones, it has always been possible to sideload apps by downloading and installing an APK file. While this can be convenient for organizations that develop and distribute custom apps to their employees, sideloading apps can be quite dangerous for ordinary users.

Sideloading apps on iOS has always been much more difficult due to Apple’s policies, which is why jailbreaking exists. When you jailbreak an iPhone, you gain full access to the root of the phone's operating system and are able to access all of its features. This includes being able to install apps that are not on the App Store.

TrollStore will likely be popular because it enables users to install modified apps without having to jailbreak their devices. However, this also makes things more difficult for app developers, who often use jailbreak detection to ensure their apps aren’t repackaged by an attacker.

How to stay safe from modified iPhone apps

As we mentioned above, the easiest way to stay safe from modified iPhone apps is by updating your devices to the latest version of iOS. In order to work, TrollStore uses two iOS vulnerabilities that were patched with the release of iOS 15.2 and 15.5.

Even if you only download apps from the App Store, you could accidentally download a modified IPA file and install it on your iPhone the way you would with an APK file on Android. By upgrading to iOS 16, though, you won’t be able to install the file on your device.

Although you may know the dangers of downloading and installing third-party apps from unknown sources, your children may not. For this reason, you could also consider adding one of the best parental control apps to their devices so that you can know exactly what they’re downloading online.

Now that TrollStore has been released for iOS 14-15.4.1, the tool’s creators are likely already looking for new vulnerabilities in order to bring their unofficial app store to even more Apple devices.

Anthony Spadafora
Senior Editor Security and Networking


  • Shadow6ice
    Hahaha in all my jailbreaking years never had a prob installing a 3rd party ipa now that I’m not Jailbroken I’ll continue to install whatever I please it’s my phone and I know I’m in no danger thank you very much also your post is terrible