updated 09:00 am EDT, Tue May 28, 2013
Not the first time backdoor tethering has been discovered, removed
Apple's process for checking apps to prevent them from doing things other than what is advertised -- a potential door to malware on the iOS platform -- appears to need strengthening after another already-approved application was discovered to have a secret "tethering" mode that would allow users to share their 3G/LTE data connection without their carriers' permission.
A drawing app called Little Artist Canvas ($1, but now removed) worked as a straightforward drawing program but, after following instructions found online, could be used to set up a new SOCKS proxy that allows data tethering. Most US carriers forbid the use of tethering without an additional fee, and indeed may detect and charge the fee even when the user employs circumvention techniques such as the one used in Little Artist Canvas.
In 2010, another app appeared that appeared to be a simple "flashlight" app but used online instructions to promote a hidden tethering feature. That program was also quickly removed from the App Store. Both it and the new program tap into a hidden feature of iOS in order to allow the tethering for the benefit of those customers who have unrestricted sharing of data.
In Little Artist Canvas, users selected colors and the eraser in a particular order to activate a command mode in which they could manually entire TCP/IP settings in order to bypass the tethering lock. Apple is opposed to unauthorized tethering due to carrier agreements as well as out of concern that the exploit would also make it possible for malware to enter the platform, which has been free of any serious threats thus far.