[bobsam]

But why not? This is not some complex exploit, just standard JavaScript.

I saw the same attitude after the xcode backdoor. "There is no reason to believe any personal data has been affected", well if apple didn't even knew this thing existed how could they possibly know if it was activly used??

Edit: according to reddit apple just pulled all apps made by these guys. Not a proof of anything but still something to consider

[eridius]

The simple reason is if they thought that App Review might catch their shenanigans then they might decide to not do it on iOS, because being caught means having their apps pulled. I'm not surprised that Apple pulled their apps anyway, it's what I'd expect of them since they've demonstrated a willingness to put adware in their apps, even if it was only on Android.

So basically, maybe they put the adware in the iOS apps, maybe they didn't, but we can't tell from the article. But one would think that if they did, the article might have mentioned that, because it's a much better story to say "malware in the iOS app store" than it is to say "malware in the Google Play store".

[bobsam]

I don't understand your comment. Apple and Google have the same mostly-automatic approval process.

(You didnt think apple would manually inspect billions of apps and their updates? 2 weeks per app * 1 billion apps * 3 updates = 115 million man years)

[eridius]

Apple does not have an automatic approval process. They do a lot of automatic screening, because there's plenty that can be caught that way, but yes, every single app and update gets manual review by a human being.

And your math is very wrong. Very few apps update every 2 weeks, most of the apps on the app store probably haven't even been updated in the past few months, and there's not even close to a billion apps. In an interview back in January Phil Schiller said the App Store had 2.2 million apps.

[bobsam]

Nope, you missread my numbers.

I assume it takes one person 2 weeks to fully analyze an app (we are after all looking for well hidden malware, possibly downloaded from network after some use). Times 2.2 million apps. Times an average of 3 updates during its life time.

There are not enough apple employees to pull what you calim. Hence approval is semi automatic, just like Google.

Edit: 1 billion changed to 2.2 million, my bad.

[eridius]

You have no idea what you're talking about. Tell literally any third-party Apple developer that app review is automatic and you'll be laughed out of the room. Your math is way off.

[bobsam]

don't agree with my math? Show me your own numbers.

I feel you are just hiding your head in the sand instead of doing the sensible thing which is to ask apple to analyze this companys apps and report to public whether​ app store was affected.