In recent months, iPhone apps for streaming piracy have repeatedly been offered through Apple’s App Store. The relevant functions appear to have been loaded after the fact into apps that initially looked harmless, a technique that is generally allowed but can also be abused.
Harmless app distributes stolen streams
The most recent known app of this kind was called “Collect Cards”, and it even topped the rankings of free programs in several countries. According to 9to5Mac’s research, it was built with React Native, a JavaScript-based cross-platform framework. With the help of Microsoft’s CodePush SDK, it is possible to change parts of the app without submitting updates to the App Store.
CodePush itself is not banned under Apple’s app review guidelines. The developers also use geodata: the likely location of the user’s IP address is checked to ensure that the piracy component is not loaded at Apple’s headquarters. In this way, “Collect Cards” turned from a harmless card collection app into an offering that delivers series, movies and more from well-known streaming providers to users. A hidden interface was revealed for this purpose.
Geofencing against Cupertino
The geofencing trick isn’t actually new; ride-hailing company Uber is also said to have used it years ago, disabling a problematic tracking function in Cupertino. Apple is tackling this with a comparatively small team: 2021 data says a team of 500 people has to analyze up to 100,000 apps every week. A lot of it is automated. CodePush could, at least in theory, also be used to load malware or fraudulent offers into apps after the fact. 9to5Mac found an entire GitHub repository containing the code for several pirate streaming apps.
“Collect Cards” is said to have included content from Amazon Prime Video, Disney+, Netflix, HBO Max, and even Apple TV+. Initially it seemed that the pirate part was only activated in Brazil, but later it was activated in other countries as well.
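The combination described above (a React Native app with a CodePush update channel plus an IP-based location check) can be flagged for closer review in an unpacked app bundle. The following is an added example, not code from 9to5Mac or from the app in question; the geolocation patterns, function names and sample bundle are assumptions made for illustration, while `CodePushDeploymentKey` and `CodePushServerURL` are the Info.plist keys the CodePush React Native SDK reads.

```python
import plistlib, re, tempfile
from pathlib import Path

# Heuristic markers (assumptions for this example, not taken from the article).
GEO_HINTS = re.compile(rb"ip-api\.com|ipinfo\.io|geoip|country_?code", re.I)
CODEPUSH_KEYS = ("CodePushDeploymentKey", "CodePushServerURL")

def triage_bundle(app_dir):
    """Return review findings for an unpacked .app directory."""
    app = Path(app_dir)
    findings = []
    plist_path = app / "Info.plist"
    info = plistlib.loads(plist_path.read_bytes()) if plist_path.exists() else {}
    for key in CODEPUSH_KEYS:
        if info.get(key):
            findings.append(f"codepush-config:{key}")
    for js in sorted(app.rglob("*.jsbundle")):
        data = js.read_bytes()
        findings.append(f"react-native-bundle:{js.name}")
        if b"codePush" in data or b"CodePush" in data:
            findings.append(f"codepush-call:{js.name}")
        hits = sorted({m.group(0).lower().decode() for m in GEO_HINTS.finditer(data)})
        if hits:
            findings.append(f"geo-lookup:{js.name}:{','.join(hits)}")
    return findings

def needs_manual_review(findings):
    """Remote-updatable code plus location gating is the combination to escalate."""
    kinds = {f.split(":")[0] for f in findings}
    return bool(kinds & {"codepush-config", "codepush-call"}) and "geo-lookup" in kinds

def build_sample(root):
    """Constructed sample bundle; all values are placeholders."""
    app = Path(root) / "Sample.app"
    app.mkdir()
    (app / "Info.plist").write_bytes(plistlib.dumps(
        {"CFBundleIdentifier": "com.example.sample",
         "CodePushDeploymentKey": "PLACEHOLDER-KEY"}))
    (app / "main.jsbundle").write_bytes(
        b"codePush.sync();fetch('https://ipinfo.io/json').then(r=>r.country_code)")
    return app

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage_bundle(build_sample(tmp))
        print(result, needs_manual_review(result))
```

A hit only describes what shipped in the bundle at inspection time; code delivered later over the update channel has to be caught by re-checking the app after release.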
(B.Sc.)