Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
57,435
20,270



bitcoing-250x250.jpg
Fake Bitcoin wallet apps are routinely leaking through Apple's App Store vetting process, leaving users' accounts at risk of being compromised and their coins stolen.

That's according to developers of the Breadwallet app, who estimate that fake wallets in the App Store have already lost users of the digital currency up to $20,000.

The suspect apps were first identified by the company in a post on Reddit, warning users that at least eight fake wallets on the App Store were using the same, or very similar, names to existing official mobile wallet apps.

The scam apps appeared to be aping portions of source code, icons, and graphics from legitimate apps to fool users into thinking they were using official wallets.

Breadwallet discovered a fake version of its own app which was added to the App Store on July 29, using the same name and icon as the official version. The company took immediate action and contacted Apple to remove the offending app, after customers inadvertently downloaded the fake and reported stolen funds.

"We talked with one customer who claims to have lost about $10,000, and if we go and look at the coin address where those coins were deposited, last I checked there was $20,000 listed at that address," said Breadwallet co-founder Aaron Voisine, speaking to Motherboard. "So, that's our current estimate for how much customers have lost."

Apple has since removed the offending apps listed by Breadwallet, but their appearance on the App Store has left Bitcoin wallet developers and users questioning the robustness of Apple's vetting process for financial apps.

"I think it would be good for Apple to go through some extra process to make sure they have the identity of the person posting any app in the finance section," Voisine said.

Founder of SSL security certificate company BlackCert, John Casaretto, told SiliconANGLE that the Application Development Signing Certificates, the Apple Developer Program, and the application review process had all been negated by a handful of malicious apps making it onto the Store recently.

"For a long time, it seemed as though Apple's tight controls over its ecosystem were a fairly impenetrable measure against nefarious applications, malware, and junk," said Casaretto. "Clearly that is not the case anymore."

Article Link: Apple Removes Fake Bitcoin Wallets From App Store After Users Scammed
 
  • Like
Reactions: macfacts

keysofanxiety

macrumors G3
Nov 23, 2011
9,534
25,296
"For a long time, it seemed as though Apple's tight controls over its ecosystem were a fairly impenetrable measure against nefarious applications, malware, and junk" said Casaretto. "Clearly that is not the case anymore."

Well it's not as simple as this. Loads of people were making a fuss before about Apple not allowing Bitcoin applications on the App Store and the process being bitterly difficult to get approved, or when the apps were removed.

However I don't remember anywhere when these Bitcoin wallet developers gave Apple clarity about how to appropriately approve these apps - distingush what is fake and real - as they could quite easily be misused; especially as it's a more unorthodox payment method.

Not to say Apple shouldn't take a portion of the blame, but to put the blame entirely in their hands is a little disingenuous.
 

SBlue1

macrumors 68000
Oct 17, 2008
1,840
2,248
How should Apple know if a wallet is safe? Since Bitcoin is not run by an established company.
 
  • Like
Reactions: 0815

flyinmac

macrumors 68040
Sep 2, 2006
3,578
2,460
United States
This does indeed introduce some serious questions about the safety and security of using apps in the App Store.

Certainly, if these apps can get through, what about other apps which might find ways to transmit your financial information to other unknown individuals.

Just a bit of code buried somewhere in the app, and then who knows what might be sent somewhere.

Perhaps Apple should implement an authentication system similar to PayPal where all identification and financial accounts are verified before any app can be submitted to the App Store. That way there is clear accountability established if a developer is found to be dishonest.
 

69Mustang

macrumors 604
Jan 7, 2014
7,884
15,025
In between a rock and a hard place
How should Apple know if a wallet is safe? Since Bitcoin is not run by an established company.
It's Apple's job to know if a Bitcoin app, or any app for that matter, is safe. If they don't know, they shouldn't be putting the apps in the store at all.

Not to say Apple shouldn't take a portion of the blame, but to put the blame entirely in their hands is a little disingenuous.
Who else should share the blame? Apple is the sole arbiter of what goes on the app store. Nothing hits the store without Apple's approval. But seriously, who else should take some of the blame?

Respectfully, I strongly disagree with both of you. Strongly. Whether or not there are difficulties associated with Bitcoin, it's Apple's responsibility to ensure that the apps on the app store are legitimate. Period. If Apple's approval process can't properly vet Bitcoin apps, they should stop approving them until they can get a reliable and consistent process in place.
 

WordsmithMR

macrumors 6502
Mar 17, 2015
369
457
Murica
Agreed. They should remove all current Bitcoin apps, legitimate or not, until they figure out a better vetting process for these apps.
 

kingtj

macrumors 68030
Oct 23, 2003
2,606
747
Brunswick, MD
I think a good number of people who still try to bother with bitcoin do so on principles, vs. how practical or secure the whole thing is today.

The concept is still, IMO, pretty sound. Create a decentralized currency that's truly equally useful anywhere in the world, regardless of what any particular nation declares is THEIR official currency.

Right now, as an American citizen? I surely wouldn't put more into bitcoin or any other e-currency than I could afford to lose. But imagine scenarios where someone lives in a country with a very unstable currency and wishes to do business online with people in other countries? It might really be the only viable way to do it, when the seller wants no part of the official currency of that country, or when that country imposes strict rules on importing things, or ??

Most of these hacks are the result of people putting too much trust in unknown pieces of software. There are certainly known bitcoin wallet programs available from trusted sources. When tens of thousands of dollars worth of bitcoin are on the line, I'd be pretty wary of installing any old app that appears on the "App Store" as a means to manage it! People need to realize that bitcoin transactions aren't like swiping a credit card at a random merchant's terminal. In those cases, there are parties involved who accept liability for fraud or errors with transactions. In the bitcoin world, all of the risk is truly on the holder of the currency. He or she can accept all the money they like into a personal wallet keychain, on a secured computer's drive, properly encrypted and backed up, and nobody will ever steal that out from under them. Beyond that? It's buyer beware to the extreme.


The currency of the drug-lords and other underworld - now mostly being run from the deeper reaches of China.
[doublepost=1470744089][/doublepost]And in yet ANOTHER Bitcoin hack - $70 million stolen and the value drops by 20% - who in the right mind bothers with this "currency"

https://techcrunch.com/2016/08/02/b...of-bitcoin-was-stolen-from-bitfinex-exchange/
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.