Apple left the App Store open to a number of security vulnerabilities for six months after a Google security researcher informed it of the problem.

Apple’s failure to implement HTTPS encryption was first identified by Elie Bursztein in July 2012, but the protection was only put in place on 23 January this year.

The lack of App Store encryption meant malicious users could potentially hijack user passwords, force users to download different apps to the ones intended, prevent installs, or manipulate upgrades so users would install different apps.

These attacks would require users to be on the same Wi-Fi network as the attacker, but Bursztein said this is an increasingly common possibility in public places.

The swapping of apps could have led users to pay for apps when they intended to download free titles, while hackers have previously shown they can cause significant problems if they have control of users’ Apple IDs.

The vulnerabilities were present for years before they were flagged by Bursztein, who said it was fortunate they were not widely known by hackers.