From: [email protected]
To: [email protected]
Date: 14 July 2017

Subject: [Important] Vulnerability discovered in Orion Browser iPhone App - All Versions

Hi,

This app was officially removed from the App Store on the 7th July 2017 and had no users
actively installed. TOR generally in my view, as of late has been used for criminal
purposes, and I don't endorse it.

A conscious decision was made to replace it with a VPN service and a suite of tools that
1IQ will release within the year. I thank you for your efforts but must advise you that
there is no threat. After the price rise, the sales were practically 1 unit per month.

In the past, the App was updated to ensure the iOS requirements for https were satisfied.
The actual certificate in the recent 21 days with no sales) has been disconnected as we
unwind this app. SSL on this domain was independent and secured until then.

This App came with an EULA. To verify the original purchase and binary may I please have
a copy of the receipt of purchase and a copy of the original IPA file from the Apple App
Store to verify that the App is a true copy. I do have a unique identifier for users which
is anonymous but shows a purchase was done so can I verify this report and associated binary.

In order for that, I need the date and time of the purchase of the software along with the receipt.

I advise that there are no legitimate users with the App installed on their device. There
is no risk and until I can verify if this is a true paid copy, I would like to fairly go
through this and replicate your findings. I do thank you for this report. This ethically
would come first before anything should be reported as I must have an opportunity to
verify the App has not been altered in any way and is a legitimate license, even though
the App is removed. That is fair.

Thanks kindly for bringing this to my attention.

1IQ Pty. Ltd