76 Famous iOS Apps Vulnerable to Silent Data Interception

The vulnerability allows attackers to steal login and financial data of iOS users secretly.

According to the IT security researchers at Verify.ly, a service that scans the binary code of iOS apps to identify security flaws, 76 popular iOS apps are not safe to use. Verify.ly says that these are extremely common apps, with a combined total of 18 million downloads. The problem is that these apps have no protection against silent interception of TLS-protected data.

The research team at Verify.ly tested the shortlisted 76 apps, which included browser apps, the Vice News app and various VPN apps, and found all of them to be exploitable. Apparently, attackers can launch a silent man-in-the-middle attack using the inherent vulnerability and intercept, exploit and even steal crucial user data such as bank account login credentials.


Verify.ly founder Will Strafach released a detailed report in which he outlined the findings clearly, and stated that 33 apps out of the vulnerable 76 are categorized as low-risk while 24 are in the medium-risk group and 19 are counted as high-risk apps.

Strafach further stated that their system has shortlisted “hundreds of applications” that are likely to have higher vulnerability to data interception. He tested the company’s claim using a “live iPhone running iOS 10” along with a “malicious proxy” to embed an invalid TLS certificate inside the connection.

It must be noted that apps in the medium- and low-risk groups are not vulnerable to interception of confidential user data, but apps in the high-risk group are highly vulnerable to giving out valuable data, including financial or medical service credentials such as usernames and passwords.

Strafach also clarified that unlike other devices that require being on the same Internet network to be exploited, the case is not the same with iOS apps and the attack can be conducted by anyone who is within the Wi-Fi network range of the device. “This can be anywhere in public, or even within your home if an attacker can get within close range,” added Strafach.

It was also found that the App Transport Security feature, which is the highlight of iOS apps, is helpless in blocking the vulnerability from intercepting the data in motion. Strafach stated that to protect data, it is a better idea to switch off your Wi-Fi and cellular data. Also, it is a wise strategy to use cellular data to log in to your bank account, make transactions and check your balance. The reason is that cellular networks are not as easy to track as Wi-Fi networks are.
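An added example, not taken from Verify.ly's report or from any app named here: the article does not say how these apps come to accept an invalid certificate, so this assumes one common cause, a `URLSession` delegate that answers the server-trust challenge without evaluating the chain, and shows it beside a delegate that validates. The class names are hypothetical, and the hardened version assumes iOS 12 or later for `SecTrustEvaluateWithError`.

```swift
import Foundation
import Security

// Hypothetical class names, constructed for this example.

/// Vulnerable pattern: accepts whatever certificate the peer presents.
final class TrustEverythingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        if let trust = challenge.protectionSpace.serverTrust {
            // No evaluation: an invalid or self-signed chain is accepted as-is.
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.performDefaultHandling, nil)
        }
    }
}

/// Hardened pattern: evaluate the chain against the system trust store
/// and the requested hostname, and cancel the connection on any failure.
final class ValidatingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            // Not a server-trust challenge: let the system decide.
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // SSL policy bound to the hostname the app asked for.
        let policy = SecPolicyCreateSSL(true, space.host as CFString)
        var error: CFError?
        guard SecTrustSetPolicies(trust, policy) == errSecSuccess,
              SecTrustEvaluateWithError(trust, &error) else {
            // Invalid chain or hostname mismatch: refuse to send any data.
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}
```

An app that has no need to customise trust can leave this delegate method unimplemented, in which case the system performs its default certificate validation.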

List of high-risk vulnerable apps:

Strafach did not reveal the list of high-risk apps. The reason is that the researchers have already informed the impacted companies and given them 60 to 90 days to issue security patches. The list will be revealed upon a follow-up within two to three months, since cyber criminals can use those apps if their names are published before they are patched. However, the categories of those apps include banks, medical services and developers of other sensitive apps.

List of low-risk vulnerable apps:

  1. Free Video Call, Text and Voice
  2. VivaVideo
  3. Snap Upload for Snapchat
  4. Uconnect Access
  5. Volify
  6. Uploader Free for Snapchat
  7. Epic! 
  8. Mico
  9. Safe Up for Snapchat
  10. Tencent Cloud
  11. Uploader for Snapchat
  12. Huawei HiLink (Mobile WiFi)
  13. VICE News
  14. Trading 212 Forex & Stocks
  15. 途牛旅游-订机票酒店火车票汽车票特价旅行
  16. CashApp
  17. FreeMyApps
  18. 1000 Friends for Snapchat
  19. YeeCall Messenger
  20. InstaRepost 
  21. Loops Live
  22. Privat24
  23. Private Browser
  24. Cheetah Browser
  25. AMAN BANK
  26. FirstBank PR Mobile Banking
  27. VPN free
  28. Gift Saga
  29. Vpn One Click Professional
  30. Music tube
  31. AutoLotto
  32. Foscam IP Camera Viewer by OWLR for Foscam IP Cams
  33. Code Scanner by ScanLife: QR and Barcode Reader


If you are using any of these apps, it is better to delete them and to use as few apps as possible, since the former National Security Agency (NSA) chief Michael Hayden revealed a shocking story about iPhone apps. According to Der Spiegel, a salesman approached Hayden and his wife in an Apple store and praised the iPhone, saying that there were already “400,000 apps” for the device. Hayden, amused, turned to his wife and quietly asked: “This kid doesn’t know who I am, does he? Four-hundred-thousand apps mean 400,000 possibilities for attacks.”



Written by Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.