Apple comments on 'Masque Attack', reminds users of built-in security safeguards

Posted November 16, 2014 · November 16, 2014

Masque Attack — the abuse of Apple's iOS Enterprise Developer or standard developer systems to try and trick people into installing malware apps on their iPhones or iPads — made for sensational headlines earlier this week, despite it being a threat to relatively few users. In response to Masque Attack, Apple gave iMore the following statement:

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."

Apple has also posted a knowledge base article with more information:

iOS: When you install custom enterprise apps

It's worth stressing again that, in order to be compromised by a Masque Attack, you'd need to download and install an app from outside the App Store, then tap "Trust" on the warning dialog on your iPhone or iPad. In other words, you'd need to go out of your way to override those built-in security safeguards.

For more on Masque Attack, how to avoid it, and what to do in the unlikely event you somehow get tricked into installing a Masque Attack app, see Nick Arnott's write-up from earlier this week: