A team of researchers at the Georgia Institute of Technology have revealed a method which they say can slip iOS malware past Apple's App Store approval process.

Their research into what they dubbed "Jekyll apps" was presented at the 22nd USENIX Security Symposium in Washington, D.C. and published online as a PDF titled Jekyll on iOS: When Benign Apps Become Evil.

"Our method allows attackers to reliably hide malicious behavior that would otherwise get their app rejected by the Apple review process," explained the five-person team.

"The key idea is to make the apps remotely exploitable and subsequently introduce malicious control flows by rearranging signed code. Since the new control flows do not exist during the app review process, such apps, namely Jekyll apps, can stay undetected when reviewed and easily obtain Apple's approval. We implemented a proof-of-concept Jekyll app and successfully published it in App Store. We remotely launched the attacks on a controlled group of devices that installed the app. The result shows that, despite running inside the iOS sandbox, Jekyll app can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps, and even exploiting kernel vulnerabilities."

Their "Jekyll" app was created with remotely-exploitable vulnerabilities built in, masked by legitimate features to evade detection during the App Store approval process, but ready to be triggered once the app was installed on an iOS device.

In effect, the app is a Trojan which only becomes active once it runs and has its program logic reconfigured remotely through built-in vulnerabilities put there by the programmer.

In the example, they also used undocumented private APIs in iOS to access users' data - such as the entire contents of the address book - while hiding this use "in a way that is more resilient to non-trivial code analysis" during the approval process.

The proof-of-concept app was based on an open source news app called News:yc, modified with vulnerabilities and malicious code gadgets, and configured to connect to a server controlled by the research team.

It was approved by Apple and released on the App Store in March 2013 for long enough for the team to download it to their own devices. They then quickly removed from the store to ensure no one else downloaded it. "We have data to show that only our testing devices installed the app," explains the report, with the team having "made a full disclosure of our attack to Apple".

Apple spokesperson Tom Neumayr told MIT Technology Review that Apple has since made some changes to the iOS software in response to issues identified in the research, which has a section discussing possible counter-measures to this kind of malware. It's unclear whether the iOS 6.1.3 update in mid-March, which included some security updates, dealt with this - though the researchers' paper suggests that it would be almost impossible to detect such "Jekyll" apps without examining their source code in detail.

"The idea of hiding vulnerabilities and later exploiting them is not easy to fix by Apple. It's a fundamental issue for Apple. Most likely Apple can use better sandbox policies to refine what we can do. But 6.1.3 doesn't fix them," Tielei Wang, one of the researchers, told the Guardian.

"Sandboxes" are the virtual spaces created for individual apps within iOS: each has its own set of files and restrictions about what global data or access it can have. That prevents direct sharing of data: Apple says that the purpose of sandboxing is "to limit the damage a compromised app can do to the system."

The claim by researcher Long Lu that Apple's approval team only ran the Jekyll app for "a few seconds" before approving it for distribution on the App Store raises the prospect that other malware may make its way onto the store too – or may have done already. Apple has not specified how it tests apps, but a standard method would be to run machine-based "dynamic analysis" in which the code is executed in a virtual machine to check it.

Apple says it rejects apps that use non-public APIs - but the "Jekyll" app hides its use of those in apparently dead code which would not be accessible to a machine test before the app had been reconfigured.

Thus far, Android has faced much more scrutiny over malware available through the Google Play store. Trend Micro recently claimed that the number of "malicious and highrisk" Android apps was on course to reach 1m by the end of 2013.

Meanwhile, the UK's Chartered Institute for IT recently warned about Android malware evolving beyond its most common form of SMS Trojans that text premium-rate numbers from people's smartphones.

Apple's confidence that iOS is less vulnerable to malware than Android is unlikely to be dented by the Georgia Tech team's paper alone. Wang told the Guardian that the same method would work against Android: "Since Android also allows third-party apps to use native code, you can also hide vulnerabilities there. But implementing an Android malicious app is relatively easy, I don't think malicious developers need to do this."

But news that Apple's approvals process isn't entirely malware-proof may encourage malicious coders to target iOS as well.

Apple will have to balance security concerns with the task of approving more than 4,800 new iOS apps a week, based on the App Store's growth from 650,000 apps in June 2012 to 900,000 in June 2013.