Fake LastPass App Sneaks Past Apple's Review Team

[klasma]

In the current plans, Apple’s still going to have some control, even over alternate stores. And, this is the reason why. The EU would be fine if their rules meant a fake Last Pass app staying up on alternate stores indefinitely. Apple would not.

There are laws against frauds and scams that can be enforced. We don’t need Apple playing the police.

 

[arlomedia]

Nice that Apple intervened in this case. I had a case where another developer built an app similar to one of mine, used the same app name plus a "The" at the beginning, and released it. My app has an established following and its name is a registered trademark. The only thing Apple would do is give me the email address of the infringing developer. I had to hire a lawyer to intimidate the developer into changing the infringing app's name.

 

[0x4d]

It probably is a human error and the reviewer was so focused on the checklist that he didn't notice it was trying to mimic another app. The timing is unfortunate but it doesn't mean that the audit process is useless.

Human errors like this should not even be possible. There should be an automated system of checking for red flags before an app even makes it to the reviewer. Any of the following going off should result in the app being assigned to senior level manual review with the flags highlighted in bright red and require manual sign off before proceeding:

1. App has over 1m users or its name has significant similarities to an app with over 1m users.
2. Use of private APIs in the code.
3. First version of any app mentioning the following keywords: crypto, password, bitcoin, ethereum, banking, cash, wallet, etc.
4. First version of any app mentioning the name of any public figure or celebrity.
5. First version of any app targeting children.
6. First version of any app introducing an IAP costing over $99.99.

 

[Stymyx]

I ditched LastPass a couple years ago, when they had that data breech that at first they denied, but then confirmed a few months after the fact!

 

[dominiongamma]

Good thing we’ll have safer alternative app stores soon and won’t have to rely on Apple’s superficial app reviews anymore.

No thanks to malware and data being stolen

 

[Mrkevinfinnerty]

Can't be true. Apple is protecting us from the world which without their 30% cut is a very scary place.

 

[User 6502]

Imagine this (and others) on an app store not under Apple's control.

What makes you think that there won’t be App Stores with better checks than apple? Maybe some will have more relaxed control (or none) and others far more stringent ones. Yet another reason why the Europeans are lucky to live in the EU.

 

[antiprotest]

Harder to argue against the EU doing what they do whilst preaching the safety and security of Apple when this happens.

Or this shows that we need to harden the walled garden even more, because if Apple's app store makes this pathetic and inexcusable mistake, alternative app stores and sideloading will make things much, much, much, much worse.

 

[User 6502]

At least once it was noticed, Apple removed it within 1 day. Will alternate app stores remove it at all? Some alternate stores will likely be similar to Apple in safety. Others will NOT, especially ones that will cater to pirating.

And users will be able to choose whichever stores suit better their needs. Some corporate users will need highest security standards and will choose stores that provide that (even more than Apple does potentially) others don’t care or need high security and will prefer stores with wider choice.

 

[DailySlow]

The app should be down already. Disappointed in Apple's lack of urgency here.

Edit: looks like they removed it now

 

[turbineseaplane]

Yeah - it's far easier to claim security when the "screening" process happens behind closed doors and there are no other stores to compare to.

Yep!
Like all monopolists, Apple doesn't want to have to compete

That's why they are kicking and screaming like a little baby about letting iOS/iPadOS users choose where to get Apps from -- just like they already do on their Mac (or PC, etc)

 

[Samplasion]

[...] if Apple's app store makes this pathetic mistake, alternative app stores and sideloading will make things much, much, much, much worse.

That's a non-sequitur if I've ever seen one.

 

[turbineseaplane]

What makes you think that there won’t be App Stores with better checks than apple? Maybe some will have more relaxed control (or none) and others far more stringent ones. Yet another reason why the Europeans are lucky to live in the EU.

What an excellent point!

I could see a "Disney" of the world creating a truly "safe for kids" App Store that would demolish Apple in that particular niche.

I'm sure parents would love an App Store that's truly kid safe and doesn't have scam apps and casino games and the like

 

[Jason2000]

That walled garden is working well I see. Less than a week after that Phil Schiller speech as well 🤣

Some of you guys act as if you are perfect and never make a mistake...lol

 

[vipergts2207]

Excuse me, but I was told by people on this forum that Apple would protect my iPhone and keep me safe from the scary third-party app sources. What the hell is this?!

 

[neuropsychguy]

So much for "the safest app store on iPhone," huh? 😂

It is the safest App Store on iPhones... It's also the least safe.

 

[WarmWinterHat]

Some of you guys act as if you are perfect and never make a mistake...lol

The App Store isn't a person, it's supposedly 100s of people collectively looking at submissions.

With that many eyeballs, it's unacceptable.

 

[neuropsychguy]

Harder to argue against the EU doing what they do whilst preaching the safety and security of Apple when this happens.

Would alternative app stores be more secure?

 

[LeeW]

Or this shows that we need to harden the walled garden even more, because if Apple's app store makes this pathetic and inexcusable mistake, alternative app stores and sideloading will make things much, much, much, much worse.

See, you assume that only Apple can do it well, but in order to do it well, they need to do better. Not buying your logic there.

 

[corbindav]

Wait a minute, I thought the App Store was super secure and that's why we can't sideload applications! /s

 

[vipergts2207]

If there were MORE stores, that were NOT directly under Apple’s control, this would happen… less? Or More?

Because, Apple is saying it would happen more. And, Apple would not be in a position to remove it. This kind of thing actually makes Apple’s point.

That’s some truly twisted logic. “Only Apple can keep us safe, as evidenced by the security breach in Apple’s App Store.”

 

[StuBeck]

I can understand a dodgy update sneaking through because those are mostly approved automatically but shouldn't an actual person be reviewing NEW apps? How the heck did this sneak through?

Quotas and a lack of oversight. If the App store was as secure as they've been claiming this wouldn't happen. It isn't, so these things have happened, and will happen in the future.

 

[vipergts2207]

The app store is full of scam apps. It shows that (a) the app store isn’t the safe haven that Apple claims it is, and (b) that it isn’t as big a safety problem in practice as they claim.

It can also lull people into a false sense of security. Because of Apple’s marketing and bluster, a good number of people may think everything on the App Store is safe. Even if they’re a Luddite who doesn’t already know of the risks about getting stuff from the wider internet, Apple conveniently lets you know in advance.

 

[I7guy]

Excuse me, but I was told by people on this forum that Apple would protect my iPhone and keep me safe from the scary third-party app sources. What the hell is this?!

As I said previously, one has to be selective when determining the truth factor made by non-public entities on the internet.

 

[klasma]

It can also lull people into a false sense of security. Because of Apple’s marketing and bluster, a good number of people may think everything on the App Store is safe. Even if they’re a Luddite who doesn’t already know of the risks about getting stuff from the wider internet, Apple conveniently lets you know in advance.

Apple always wants to project the image of an idyllic world where everything is perfect as long as you only use Apple products in the intended Apple way. But the world is not that, the products are far from perfect, and users have needs and wants that Apple doesn’t (care to) fulfill.