The developer of at least one third-party app store has been found using a new method of subterfuge that enabled the shop to be legitimately placed inside Apple's official App Store.
Security vendor Trend Micro identified a case where a purported household financial helper app was available on the App Store operating as a front for a third-party app store.
If downloaded, the fake app at first appeared to be the advertised accounting app, but if left open eventually switched views to display the illicit third-party app store.
The imposter app uses Japanese characters, but the app store itself is written in Mandarin Chinese.
The reason why anyone would bother to pull off this trick was a mystery to Trend Micro's researchers.
Not only is extra effort needed to create a fake app that meets Apple's App Store criteria, but any third-party apps downloaded by the victim have to use a roundabout process to be installed.
Installing apps from the third-party store required a technique using signed enterprise digital certificates.
If the apps purchased are signed with Apple's certificate, the third-party store needed the user's Apple ID as well.
This particular app has been removed by Apple, but while it was functioning, one app it was distributing was a jailbreak app that had been previously banned by Apple.
Trend Micro also noted an illegal app store can be used to distribute malware in what would otherwise be considered a safe environment.