The list of blacklisted apps in the report included WinZip for iOS version 4.7.6, hash 3a4ffefa5badfe3cc5a6bd9c418ea438. Appthority’s static and dynamic risk analysis determines the risk that is assigned to various mobile app behaviors.
Regarding the reported behavior, Appthority confirmed the presence of code that can send SMS messages in the app. The code appears to be present as part of the Google Ads library, observed in the function -[GADOpener openSmsComposer:]. Even if the code is not intended for use in normal operation of the app, Appthority considers its presence to be a risk as there may exist conditions where it can be activated.
Appthority’s risk score was 7 for the 4.7.6 version of the WinZip app that enterprises blacklisted. This was calculated by the presence of behaviors including the above presence of SMS sending code, as well as others including cloud file storage, sending of PII, and jailbreak detection.”