iPhone Safety Part 2 – Is Apple all phoney?

iPhone Safety Part 2 follows the investigation by Cybernews researchers, who found that 70% of apps in Apple’s App Store leaked hardcoded secrets. It asks how Apple can get away with what amounts to gross negligence.

The original post, “Apple iPhone is not safe – 70% of App Store apps leak hardcore secrets”, nearly melted down our servers. The companion post, “Apple iPhone safety – things you can do to stay safer”, was not far behind.

Why? Cybernews says we shouldn’t mistake slick marketing for security. And we shouldn’t let Apple off the hook simply because the alternative might be worse. Apple’s tight control over its ecosystem gives it enormous power, but with that comes responsibility. Until then, the walled garden may look pristine, but it’s full of weeds.

It adds that Apple has the power to detect suspect apps during approval (Google does), but for reasons unknown, it declines to do so.

Example – “Cats Tower: The Cat Game!” in the App Store

Rhino Games, allegedly based in the San Francisco Bay Area, USA (not related to Bad Rhino Games), publishes a range of colourful games largely based on a ‘merge-engine’. These all leak copious data.

CyberShack did some digging. Rhino Games is just a USA front for Next Epic, based in Yerevan, Armenia (adjacent to Türkiye, Azerbaijan, and Georgia and just north of Iraq and Iran). Armenia was part of the USSR until 1991. It has been wracked by internal military and political struggles and ethnic cleansing as recently as late 2023, which required Russian peace-keeping enforcement.

Armenia is not noted for software development. The website has a domain rating of 9/100, mainly linked to SEO enhancement sites. It has fewer than 10 employees.

But there is more. Further digging shows that the ‘Merge-core development’ is by Helsinki-based Metacore Games, which Next Epic rebadges (and we suspect adds all manner of data harvesting).

But there is more. Metacore Games is owned by Supercell Oy. Supercell is primarily owned by a Luxembourg consortium, which is a front for the Chinese giant Tencent, allegedly the world’s largest video game vendor. It uses Supercell’s in-game microtransactions engine.

So, we have ostensibly a

  • US company Rhino Games (which one would assume plays by the rules but does not).
  • Owned by an Armenian front company, Next Epic (no rules).
  • Owned by a Finnish company, Metacore.
  • Owned by Supercell.
  • Owned by a consortium front Halti S.A.
  • which is owned by China’s Tencent and has close links to the CCP, making it one of the scariest global internet companies. The US Department of Defence designated it a Chinese military company (January 2025). Tencent owns or has significant investments in Riot Games, Ubisoft, Blizzard, Unreal Engine (and all games built on it), Supercell, and the list goes on.

Privacy – what privacy?

Its privacy policy is boilerplate, meaningless stuff, but this clause stands out. ‘We may share Personal Data internally within our family of companies for the purposes described in this Privacy Policy. In addition, should Next Epic or any of its affiliates undergo any change in control, including by means of merger, acquisition, or purchase of substantially all of its assets, your Personal Data may be shared with the parties involved in such event’.

Cybernews found that ‘Cats Tower: The Cat Game!’, with more than 500,000 installs, leaked sensitive data, including:

  • Users’ IP addresses (reverse lookup of physical address)
  • Facebook IDs and access tokens (enabling Facebook takeover)
  • Hardcoded backend credentials
  • Usage data
  • Identifiers
  • Diagnostics

It also pressures you to make in-app purchases (US prices—double for Australia). These games rake in millions of dollars a day, all going to Armenia.

  • Premium Membership $12.49
  • Pinch of Crystals $1.99
  • Remove Ads Permanently $2.99
  • Starter Package $2.99
  • Golden Row $14.99
  • No Subscription $17.99
  • Crystal Pack Discounted $2.99
  • Pocketful of Crystals $7.99
  • Wheel of Fortune $1.99
  • Super Cat $1.99

The Bottom Line on iPhone Safety Part 2

Aras Nazarovas, an Information Security Researcher at Cybernews, states:

The cat game leak is a warning shot. As mobile cyberattacks surge and the App Store’s walled garden shows cracks, it’s clear that mobile security is your problem too, not just Apple’s. So next time you download a new app – even one with adorable kittens – remember that on the internet, curiosity doesn’t just kill the cat. It can put your privacy at risk, too.

Brought to you by CyberShack.com.au
