For the first time, according to Kaspersky Labs, security researchers have unearthed what appears to be malware on the Apple App Store. "Find and Call", a Russian-language app which touted contact list simplification, was discovered to be a little too interested in its users' contact lists. Security experts discovered that Find and Call would upload the victim's entire address book and GPS coordinates to a remote server, and then proceed to spam all of their contacts.
Apple quickly pulled the app, citing guidelines which prohibit app makers from uploading contacts to remote servers. However, this is not the first time an app from the App Store has quietly stolen address books from unsuspecting iPhone and iPad users.
Path, a popular social photo-taking app, was busted last year by an observant developer who noticed the app was sending more data to third-party servers than it should have. It was discovered that Path was actually storing contact lists on remote servers in order to suggest friends its users.
While Path responded appropriately and their intentions seemed mostly benevolent, users had no idea this was occurring. Following the discovery, Path modified their app to warn users of the behavior. Apple also responded by updating its developer guidelines; however, Apple has since been criticized for not uniformly enforcing some of those rules.
Love it or hate it, Apple's walled garden has seemingly had a positive effect on minimizing malware -- at least, so far. On the other hand, the Android Market (now known as Google Play) has been portrayed as something very different. Reports of malware on Google Play have been frequent and plenty, but Google has taken steps this year to clean up their app store.
