Google developer helps Apple fix security flaw in its application store that for years allowed attackers to steal passwords and install unwanted or expensive applications. Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store. An attacker only needs to be on the same network as the person who is using the app store. From there, they can intercept the communications between the device and the app Store and insert their own commands. The malicious user could take advantage of the unsecure connection to carry out a number of different attacks.
Source: https://thehackernews.com/2013/03/apple-app-store-was-vulnerable-for-more.html