Some iPhone Apps Receive Mysterious Update 'From Apple'
tosh
81 points
21 comments
April 07, 2026
Related Discussions
Found 5 related stories in 55.0ms across 3,871 title embeddings via pgvector HNSW
- Apple removes iPhone vibe coding app from app store randycupertino · 50 pts · April 01, 2026 · 51% similar
- Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild WalterSobchak · 115 pts · March 18, 2026 · 47% similar
- Apple releases iOS 15.8.7 to fix Coruna exploit for iPhone 6S from 2015 seam_carver · 85 pts · March 12, 2026 · 46% similar
- Someone has publicly leaked an exploit kit that can hack iPhones moose44 · 19 pts · March 23, 2026 · 46% similar
- Apple Gives FBI a User's Real Name Hidden Behind 'Hide My Email' Feature cdrnsf · 15 pts · March 26, 2026 · 45% similar
Discussion Highlights (12 comments)
swizz89
Is it a conspiracy, or just a bug in the app store? Nobody knows.
F30
In the past, things like this used to be done for signing certificate rollovers.
NSUserDefaults
Could be a fix for per-device asset optimization that got messed up somehow.
merelysounds
Speculation for fun: I always thought popular apps can use private apis or are handled in a special way by the OS itself. If yes, perhaps this is related. Then again I found no source for that - and some certificate rollover seems more likely.
politelemon
Neither developers nor consumers should be comfortable with this, as this breaks the trust model and is extremely worrying. The site is of course downplaying it given its name, which is a huge shame.
hdgvhicv
Vast majority of change logs are along the lines of “implements to make things better”
gbil
I saw this the other day in a couple of apps, I've checked other apps and didn't have that, did a quick check on HN frontpage and saw nothing and said wth I'll update to see if something changes in the app or there is a message. Got nothing, and didn't think more about it but I'm not sure why, is it the "trust in the process" thing or what?
charcircuit
This sounds like a bug with the App Store app than a new update actually being installed.
eecc
hmm, my money is on some actively used 0-day exploit that Apple is sealing shut before the CVE gets announced. By the looks of the app list, they seem to be apps and games that used to be popular and have fallen in disrepair and apps that are starved of maintenance attention. On the one hand it could be an exceptionally good example of "stewardship"; on the other hand, if this is true, what if authorities could later compel Apple to manipulate applications in some malign manner?
ting0
Has anyone ever done a proper security audit of VLC that is downloaded from the web? I don't trust it, and the fact that their releases on Github don't include binaries makes me trust it even less. Nobody is compiling VLC from source, and they don't provide any sort of provenance from the GH actions pipeline.
NeoBild
The FairPlay certificate rotation theory makes the most sense. Apple has done silent re-signing before when DRM certificates expired. What's unusual here is the update note surfacing in the App Store UI at all — that's probably an unintended side effect of whatever pipeline they're running this through, not intentional transparency.
rascul
If Apple is distributing modified vlc binaries without releasing the source of the changes when requested, is that a potential legal problem?