
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,557
30,888


A vision testing app named "Kimi" with a not-so-hidden pirated movie feature recently made its way past Apple's review team, ultimately reaching number eight on the list of top free entertainment apps.


As reported by The Verge, Kimi's App Store listing claimed that it was an app that "tests your eyesight," but when downloaded and installed, it opened right up to a clear TV show and movie interface for downloading and watching pirated content. There was no attempt to hide the app's true purpose behind some kind of vision test interface, which begs the question of how it made its way past the App Store review team.

The App Store description mentioned comparing two pictures as an eyesight test, watching scenery, and playing games, but none of those features were present in the app.

For an app focused on pirated content, Kimi had a fleshed-out feature set. It offered top movies, search options, recommended suggestions, games, and more, with ads included for monetization purposes. The app was first approved in September, and it was available for several months in the iOS and macOS App Stores without Apple noticing.

Apple pulled the app this morning after The Verge wrote about it, and it is no longer available.

This is the second time in the last week that Apple's App Store has made headlines for questionable app approval. Last Thursday, popular password management app LastPass raised the alarm about a fake "LassPass" app that was imitating its design and feature set. Apple pulled the app about a day after the news was shared on media sites.

Article Link: Pirated Movie App Disguised as Vision Test Snuck Onto App Store
 

icanhazmac

Contributor
Apr 11, 2018
2,520
9,450
I wonder what/who is to blame here. Does Apple place an unrealistic goal of apps per day on their testers or did one of these folks wake up one day feeling a little lazy?

It has to be tough managing this at scale but Apple needs to do a better job. These optics are horrible.
 

Fuzzball84

macrumors 68000
Apr 19, 2015
1,987
4,369
I wonder what/who is to blame here. Does Apple place an unrealistic goal of apps per day on their testers or did one of these folks wake up one day feeling a little lazy?

It has to be tough managing this at scale but Apple needs to do a better job. These optics are horrible.
It probably wouldn't be so bad if they restricted apps to those of a certain quality… some of the apps you see in the store are just massively, massively questionable.

There is no real quality control like there is if they had been selling it in a physical Apple store of the days gone by.
 

coolfactor

macrumors 604
Jul 29, 2002
7,070
9,743
Vancouver, BC
I wonder what/who is to blame here. Does Apple place an unrealistic goal of apps per day on their testers or did one of these folks wake up one day feeling a little lazy?

It has to be tough managing this at scale but Apple needs to do a better job. These optics are horrible.

There needs to be accountability. They know who clicked "Approve". That person needs to be brought in for their own review and enhanced training.

Apple should publish this type of info — "Johnny B. approved this app on March 7, 2023". Put the name out there for the public to see.
 

Nermal

Moderator
Staff member
Dec 7, 2002
20,644
4,044
New Zealand
I wonder whether this might have been an app effectively wrapping a website. Have a "clean" website when the app's being reviewed, and then swap it out to the other one once it's passed approval. It wouldn't be the first time a developer's pulled that sort of stunt.

Or it could be total incompetence...
 

Populus

macrumors 601
Aug 24, 2012
4,659
6,849
Spain, Europe

coffeemilktea

macrumors 6502a
Nov 25, 2022
849
3,435
I logged onto MacRumors early this morning and the first article I saw was about another streaming service charging people more and giving them less.

I logged onto MacRumors after dinner and now I see an article about a piracy app that could let me watch all the shows I wanted for free, except it was pulled from the App Store this morning.

There has to be some kind of ironic twist of fate here... 🤔
 

erikkfi

macrumors 68000
May 19, 2017
1,650
7,805
There needs to be accountability. They know who clicked "Approve". That person needs to be brought in for their own review and enhanced training.

Apple should publish this type of info — "Johnny B. approved this app on March 7, 2023". Put the name out there for the public to see.
What...? You're advocating Apple routinely doxx their own employees just in case one makes a mistake, so that we can all see exactly who, by name, to blame instead of the trillion-dollar company setting strict performance metrics on review times?
 

GMShadow

macrumors 68000
Jun 8, 2021
1,805
7,416
What...? You're advocating Apple routinely doxx their own employees just in case one makes a mistake, so that we can all see exactly who, by name, to blame instead of the trillion-dollar company setting strict performance metrics on review times?

Ah yes, it’s about metrics and not the fact that developers throw a massive hissy fit if their app takes more than 3.4 picoseconds to be approved.

Some of us weren’t born yesterday and remember how much devs used to scream when the reviews were all done by humans, because it often took a while.
 

Haiku_Oezu

macrumors 6502
Oct 31, 2016
489
652
EDIT: taking a closer look at the screenshots, it’s obviously a web app; clearly they pulled the old switcheroo after getting approved

I seriously doubt that’s what the app looked like when it got into the hands of the review team

It’s super trivial to have a server-side flag that you can toggle at any time that could kick your user interface into a whole separate hierarchy of view controllers if said flag is true

I’m willing to bet if you had downloaded this app and disconnected from the internet before launching it, it would have kicked you into the vision test UI
 

JordanCautious

macrumors regular
Sep 26, 2023
133
364
I'll say the same thing here that I said on Reddit: Even if 100 apps like this one are found, reported on, and taken down, that’s still a 99.9% accuracy rate. Even if the number was 1000 apps...it still wouldn't make a dent in that number. There are literally over 1.6 million apps in the App Store lol. I think people forget the sheer scale of the App Store. But I do agree that Apple needs to improve the Review process or this will become a weekly headline.
 

waterskier2007

macrumors 68000
Jun 19, 2007
1,871
228
Novi, MI
People blaming Apple here likely have no idea how apps can function. It’s entirely possible this is either a web app that changed the functionality once it was approved, or if it is a native app, they probably had a remote feature flag that they changed after the app was approved. Both are incredibly simple to implement.

I’m not saying I guarantee Apple is not at fault, but there are VERY simple ways to get past app review and then completely change up the app functionality.
 

GrayFlannel

macrumors regular
Feb 2, 2024
234
433
EDIT: taking a closer look at the screenshots, it’s obviously a web app; clearly they pulled the old switcheroo after getting approved

Even if 100 apps like this one are found, reported on, and taken down, that’s still a 99.9% accuracy rate.

More realistically, for every one found, 100 weren’t, since the old switcheroo is so simple.
 

thays133

Suspended
Mar 25, 2021
529
991
EDIT: taking a closer look at the screenshots, it’s obviously a web app; clearly they pulled the old switcheroo after getting approved

I seriously doubt that’s what the app looked like when it got into the hands of the review team

It’s super trivial to have a server-side flag that you can toggle at any time that could kick your user interface into a whole separate hierarchy of view controllers if said flag is true

I’m willing to bet if you had downloaded this app and disconnected from the internet before launching it, it would have kicked you into the vision test UI

Even if it's not a web app, it's super trivial to have a remote configuration downloaded. Hell, a lot of apps do remote configuration. On the app I work on, we do it and turn features on and off. We configure the endpoint being used based on the country. It allows us to remotely update special features or kill something that is not working, remotely and without an app update.

It allows for AB testing and so on.

Flip the flag one way for review and flip it differently afterward. The review account does not get access to certain features.

This is more just showing what developers have known for a while. It’s just some people poking around who don’t understand the app. They are checking for rules compliance, but it's super easy to get around.
 