Security researchers have developed a method that lets an app record all of a user's actions on iOS and send them to a server. The app also works on iPhones that are not jailbroken, because the researchers can bypass the App Store.
Employees of the security company FireEye present on their blog a proof-of-concept app that they can distribute outside the App Store. The app runs in the background and is able to store information about all user actions, including touches on the touchscreen and their screen coordinates. The app has been tested on iOS 7.0.4, but according to the researchers it also works on versions 7.0.5, 7.0.6 and 6.1.x.
In the settings, users can specify which apps are allowed to run in the background. However, apps can bypass this setting for specific purposes. For example, if an app indicates that it needs to keep playing music, it is automatically allowed to run in the background.
Because of Apple’s rigorous review process, such an app would never be allowed in the App Store, but FireEye’s researchers are said to have found a way to bypass the App Store. By means of phishing, they could persuade a user to install the app. Installation could also be done through a vulnerability in another app. The researchers have not yet released any further information about the method used. They say they are working with Apple to solve the problem.