Harder to argue against the EU doing what they do whilst preaching the safety and security of Apple when this happens.
If there were MORE stores, that were NOT directly under Apple’s control, this would happen… less? Or More?

Because, Apple is saying it would happen more. And, Apple would not be in a position to remove it. This kind of thing actually makes Apple’s point.
 


Popular password management app LastPass is warning customers about a fraudulent app that uses a similar name and icon to attempt to trick LastPass customers into using the fake app instead of the real app (via Bleeping Computer).


The "LassPass Password Manager" app was somehow approved by Apple's App Store review team, even though it appears to clearly mimic the LastPass app. It doesn't use exactly the same icon and the name is a letter off, but the similarities could confuse some LastPass users.

It is unclear if the fake LassPass app is attempting to steal login information from users, but it does have options for adding passwords, email accounts, addresses, bank accounts, credit cards, debit cards, and more. It doesn't ask for a LastPass login of any kind, but it is possible that the developer can see information added to the app.

There is also a "PRO" upgrade that costs $1.99 per month, $9.99 per year, or $49.99 for a "lifetime" subscription, so the aim of the app may be collecting subscription money from customers. Either way, LastPass users should be aware of the fake app and should avoid it. At best it is aiming to steal money, and at worst, it is stealing passwords and credit card information.

Clone apps often make their way into the App Store, but the app impersonating LastPass is particularly concerning because it could be accessing sensitive information. It is not clear how an app mimicking one of the most popular password management apps was approved by Apple, and its discovery comes at a critical time for the company.

Apple has been promoting the safety and security of the App Store as it prepares to allow for alternate app marketplaces in the European Union, and allowing a fake password management app onto the App Store is not a good look.

LastPass says that it is working to get the clone app removed from the App Store. Though LastPass published its alert yesterday, and presumably contacted Apple at the same time, the app remains in the App Store as of now.

Article Link: Fake LastPass App Sneaks Past Apple's Review Team
That's because Apple only screens for apps that would undermine its business strategy.
 
At least once it was noticed, Apple removed it within 1 day. Will alternate app stores remove it at all? Some alternate stores will likely be similar to Apple in safety. Others will NOT, especially ones that will cater to pirating.

Password managers will almost certainly stay in the Apple iOS App Store

Besides that, folks should have the freedom to source Apps from anywhere they'd like, just as they do on their Mac

We aren't all 5 year olds.
Let's be treated like adults please Apple
 
So much for "the safest app store on iPhone," huh? 😂
I think that’s the point, that Apple (or insert your company name here) cannot prevent all scamware and houseware; it stands to reason how alternative app stores can exacerbate this issue on a wide scale.

There are those who want to throw the baby out with the bathwater.😂
 
At least once it was noticed, Apple removed it within 1 day. Will alternate app stores remove it at all? Some alternate stores will likely be similar to Apple in safety. Others will NOT, especially ones that will cater to pirating.
In the current plans, Apple’s still going to have some control, even over alternate stores. And, this is the reason why. The EU would be fine if their rules meant a fake LastPass app staying up on alternate stores indefinitely. Apple would not.
 


Thank you very much for the information provided!!!!
 
When you open the App Store in iOS 17.4, at least in the EU, you get a new message about how the App Store is wonderful and safe and secure and private. Really embarrassing time for this to happen. It's really easy for an app like this to steal your passwords unless Apple is doing a meticulous security audit, which they're clearly not.
It probably is a human error and the reviewer was so focused on the checklist that he didn't notice it was trying to mimic another app. The timing is unfortunate but it doesn't mean that the audit process is useless.
 

It doesn't ask for a LastPass login of any kind, but it is possible that the developer can see information added to the app.
Is it also possible for the developer of LastPass to see that information as well, or is that part of a screening process?
 
Good point!

Sounds like a better and more useful experience without the nonsense oversight that is letting this stuff right through.

Let's be honest - they only care about making sure you're not trying to evade them getting their cut of the money.
That’s a bad point. It could come to pass the scamware and malware could flow like Niagara Falls with unchecked apps.
 
We also had an issue a couple of weeks ago where another company from the US (we only operate in Europe) used our company name in the App title and all over the AppStore description for keyword stuffing purposes. I only noticed it after I randomly searched for our app and that fake app appeared right below ours
 
If there were MORE stores, that were NOT directly under Apple’s control, this would happen… less? Or More?

Because, Apple is saying it would happen more. And, Apple would not be in a position to remove it. This kind of thing actually makes Apple’s point.
The app store is full of scam apps. It shows that (a) the app store isn’t the safe haven that Apple claims it is, and (b) that it isn’t as big a safety problem in practice as they claim.
 