An investigation by 9to5Mac has uncovered more than 60 applications on Apple's App Store that masquerade as simple games or weather utilities but actually hide online betting platforms. The mechanism is straightforward and alarming: the apps behave as shown in their screenshots only when opened outside Brazil, but when a user connects from a Brazilian IP address, the content transforms into a full-fledged digital casino.
How jacket apps work: a geolocated deception
These apps, technically known as jacket apps, exploit remote control to change their interface based on the user's location. A user opening the app from New York will see a simple game with AI-generated animals, while the same user connecting from São Paulo will face a betting portal. Most developers have single-app accounts, often with Vietnamese names and identical privacy policies. The apps typically weigh around 15 MB and have received no recent updates.
Sponsored Protocol
Secret instructions found on GitHub: how to evade Apple's review
The investigation discovered a public GitHub repository containing detailed instructions for creating these apps using a Cursor agent. The guidelines mandate three to five visible interfaces, a marketable name, and an icon featuring a Chinese zodiac animal (dragon, ox, rabbit, rat, tiger). They also specify using remotely controlled routing to decide whether to show the local app, an in-app web page, or an external site. To avoid detection during review, the instructions suggest giving each app unique startup and remote configuration codes, making it harder for reviewers to link them together.
Sponsored Protocol
App Store's recommendation system inadvertently reveals grouping
Ironically, Apple's own recommendation system seems to group these suspicious apps: the "You Might Also Like" section more frequently shows other disguised gambling apps than genuine ones. This suggests that, despite developers' efforts to hide, Apple's algorithms can identify them, yet they are not blocked.
Brazilian pressure and recent legal actions
The discovery comes during intense pressure from Brazilian authorities. The Ministry of Justice gave Apple and Google five business days to explain how they detect apps that hide betting features after approval, verify operators are federally authorized, and prevent minors from accessing gambling services. Just days ago, Apple was also ordered to remove eight AI nudify apps following a request from the San Francisco City Attorney, showing a growing trend of platform scrutiny. For businesses seeking to defend against similar threats, phishing simulation tools can help test employee awareness.
Sponsored Protocol
While Apple has not yet issued an official statement, the incident highlights a flaw in the App Store review process. To learn more about app security, consult the Wikipedia entry on the App Store.