To exploit the fact that Apple runs at least some programs for only a few seconds before approving them, the researchers decomposed the malicious code into "code gadgets" that were hidden but could later be reassembled.
"The app did a phone-home when it was installed, asking for commands," Stony Brook University researcher Long Lu, part of the Georgia Tech team, told MIT Technology Review. "This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed."
"The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen," Lu added.
Apple spokesman Tom Neumayr told MIT Technology Review that the company made some changes in response to the researchers' report, though he wouldn't comment on Apple's app review process.