Are certain banking apps using a 0-day sandbox escape to detect TrollStore?

Apple devices utilize a security technique called sandboxing, which isolates apps’ processes into their own protected environments so they can’t access certain parts of the file system that the manufacturer deems sensitive. But it’s possible for apps to circumvent this security mechanism via what’s known as a sandbox escape.


Sandbox escapes are often used by malicious apps that try to gain access to privileged information on your device, but in an interesting turn of events, it was recently discovered that certain banking apps being hosted in Apple’s own App Store now ship with their own sandbox escape, which according to TrollStore perma-signing utility lead developer Lars Fröder, lets those apps detect if TrollStore is installed.

This is interesting for a few reasons, but most importantly because Apple is supposed to vet apps before they’re allowed into the App Store. Granting a select few the ability to ship with a sandbox escape may be concerning to some users, and rightfully so. After all, if those apps are allowed to bypass the sandbox by the manufacturer, then what other forms of sensitive data could those apps be tapping into?

The exact banking apps affected by this have not been named, but the use of the word “apps” leads us to believe that it could be more than one. Perhaps even more alarming is that the sandbox escape appears to be a 0-day, which means that it hasn’t been reported to Apple to be patched and that it still works on even the latest firmware at the time of this writing.

Apps have long been able to ascertain whether a user’s device was jailbroken in order to deny access to the app on such devices, but this is the first time we’ve seen a sandbox escape being used to detect if TrollStore was installed on a user’s device. TrollStore isn’t a jailbreak, but it does harness a CoreTrust exploit to allow unsigned apps to be installed on a device permanently without the use of an Apple Developer account.

The most likely explanation for these apps shipping with a TrollStore-detecting sandbox escape is to prevent potentially compromised or vulnerable devices with TrollStore installed on them from accessing sensitive banking information on that same device. The banking companies will justify this action in the name of securing user information by preventing unsigned apps from exploiting the user during banking activities.

It remains to be seen if Apple will take any action against those apps utilizing sandbox escapes to detect TrollStore’s presence, as apps aren’t supposed to be bypassing the sandbox. As much as Apple doesn’t want its users using TrollStore, it also shouldn’t want app developers taking things into their own hands and ‘hacking’ people’s devices to see what other apps and services they’re using.

What are your thoughts on this matter, and how do you think Apple should respond? Let us know in the comments section down below.