Apple removes apps from store that could spy on your data traffic
9 October 2015 | 0
It is possible in some cases to interfere with an encrypted connection. Many enterprises that want to analyse encrypted traffic for security reasons will use SSL proxies to terminate a session at the edge of their network and initiate a new one with their own digital certificate, allowing them to inspect traffic for malicious behaviour.
In that scenario, employees would likely be more aware or expect that kind of monitoring. But people downloading something from the App Store probably would have no idea of the access granted to their sensitive data traffic.
Apple checks applications to ensure that malicious ones are not offered in its store. Those checks are in large part the reason why Apple has had fewer problems with malicious mobile applications in its store.
Installing digital certificates isn’t itself a malicious action per se, but Apple may be concerned that users are not fully aware of the consequences of allowing an app to do so.
Apple published a new support note that describes how to delete an app that has a configuration file, a sign a digital certificate has been installed. But without naming the apps, most consumers may not know what to delete.
IDG News Service