Fake iPhone apps steal personal information via emails and SMS messages sent to devices, according to a recent report.
A California-based mobile security company discovered a vulnerability that allows fake iPhone apps to be installed over legitimate ones, letting hackers steal personal information directly from users' phones.
The breach was demonstrated by sending a clickable URL to an iPhone, prompting installation of a new "Flappy Bird" game. The install prompt downloads a shady Gmail app instead, which is then automatically installed over the legitimate Gmail app.
The compromised Gmail app is hard to detect because it copies the features of the legitimate installation. Meanwhile, a background process uploads all personal data to the hacker's server.
The second wave of attacks compromises SMS messages sent to the iPhone, which are monitored and copied by the installed fake apps.
The danger of compromised personal information is severe, especially for users who change or update passwords and PINs via email. Sensitive SMS messages are also compromised by the breach.
"The vulnerability exists in iOS versions 7.1.1, 7.1.2, 8.0 and 8.1.1 beta and is possible because iOS doesn't check the validity of the app's bundle identifier - an ID string carried by each app that is supposed to be unique. If a fake app uses the same bundle identifier as a legitimate app, iOS doesn't question it, even if it's from a different source, said FireEye.
The only apps resistant to the attack are those that are preinstalled." (pcworld.com)
The usual precautions apply when downloading and installing apps. Be wary of third-party apps altogether, and opt for those officially available on the Apple Store.
Possible breaches can be detected by browsing "Settings > General > Profiles" on iPhone devices, but only on devices running iOS 7. iOS 8 currently doesn't show provisioning profiles, so breaches from fake iPhone apps are more difficult to detect there.
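The bundle-identifier problem quoted above can be shown with a small model. The following is an added example, not code from FireEye or Apple: it replays one constructed sequence of install requests under a policy that matches on bundle identifier alone and under one that also compares the signer. The `Package` fields, the signer names and the signer check itself are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Package:
    bundle_id: str              # ID string that is supposed to be unique per app
    signer: str                 # constructed stand-in for the app's source
    preinstalled: bool = False

def install(installed, pkg, check_signer):
    """Apply one install request to `installed` (bundle_id -> Package).

    check_signer=False models the behaviour the report describes: a package
    replaces whatever app already holds its bundle identifier.
    check_signer=True is a hypothetical hardening: a replacement must come
    from the same signer as the app it replaces.
    Returns "installed", "replaced" or "rejected".
    """
    current = installed.get(pkg.bundle_id)
    if current is None:
        installed[pkg.bundle_id] = pkg
        return "installed"
    if current.preinstalled:
        return "rejected"       # per the report, preinstalled apps resist replacement
    if check_signer and current.signer != pkg.signer:
        return "rejected"
    installed[pkg.bundle_id] = pkg
    return "replaced"

def run(requests, check_signer):
    """Replay all requests; return the final app table and a decision log."""
    installed, log = {}, []
    for pkg in requests:
        log.append((pkg.bundle_id, pkg.signer, install(installed, pkg, check_signer)))
    return installed, log

# Constructed requests: a legitimate mail app, its genuine update, an impostor
# reusing the same bundle identifier, then the same attempt on a preinstalled app.
REQUESTS = [
    Package("com.example.mail", "vendor-a"),
    Package("com.example.mail", "vendor-a"),
    Package("com.example.mail", "unknown-b"),
    Package("com.example.clock", "platform", preinstalled=True),
    Package("com.example.clock", "unknown-b"),
]

if __name__ == "__main__":
    for check in (False, True):
        print("check_signer =", check)
        for entry in run(REQUESTS, check)[1]:
            print("  ", entry)
```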