All that said, though, "Without any transparency [from Apple on the approval process], we don't know," Mogull added.
A developer could technically embed a mechanism within an app to open a compromised file--like day.mp3--and do something untoward with it. If Apple does run each app and test it for such activity, it's well-equipped to detect such behavior. But if Apple is merely scanning files it considers risky, the company may need to check more files for rogue code.
Again, though, that's not what's happening with Simply Find It. It's a game that appears to have unintentionally embedded a corrupted MP3. Since the app doesn't attempt to abuse that MP3, and since the URL embedded in the MP3 isn't currently active, our sources are right: there's no current threat to users from this particular app.
Still, with Apple's lack of transparency regarding how it validates the safety of files added to the App Store, there's at least minor cause for concern. The App Store still feels miles safer than the unmoderated waters of some competing platforms, but the presence of the troublesome code in Simply Find It should, perhaps, give you pause.