Security researchers have developed a method that allows them via an app to all iOS actions of a user to register to a server to send. The app also works on iPhones without jailbreak, because the researchers, the App Store can circumvent.
Employees of the security company FireEye show on their blog a proof-of-concept app that they are outside of the App Store to distribute. The app runs in the background and is capable of information about all the actions of the user to store, as are also touches of the touch screen are saved, including screen coordinates. The app has been tested on iOS 7.0.4, but works according to the researchers, also on versions 7.0.5, 7.0.6 and 6.1.x.
Users can in the settings to specify which apps in the background should continue running. Apps can make this setting work for specific purposes. If an app, for example, indicates that the music should continue to play, the app automatically consent to in the background to run.
Due to the strict review process of Apple would be one such app, however, never in the App Store are permitted; the researchers from FireEye would have found a way to the App Store to work. By means of phishing, a user can be persuaded to install the app. It can also be via a vulnerability in another app. The researchers still have no further information disclosed about the method used. They say with Apple to work together to solve the problem.
