Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
64,408
32,218


A vision testing app named "Kimi" with a not-so-hidden pirated movie feature recently made its way past Apple's review team, ultimately reaching number eight on the list of top free entertainment apps.

kimi-app.jpg

As reported by The Verge, Kimi's App Store listing claimed that it was an app that "tests your eyesight," but when downloaded and installed, it opened right up to a clear TV show and movie interface for downloading and watching pirated content. There was no attempt to hide the app's true purpose behind some kind of vision test interface, which begs the question of how it made its way past the App Store review team.

The App Store description mentioned comparing two pictures as an eyesight test, watching scenery, and playing games, but none of those features were present in the app.

For an app focused on pirated content, Kimi had a fleshed out feature set. It offered top movies, search options, recommended suggestions, games, and more, with ads included for monetization purposes. The app was first approved in September, and it was available for several months in the iOS and macOS App Stores without Apple noticing.

Apple pulled the app this morning after The Verge wrote about it, and it is no longer available.

This is the second time in the last week that Apple's App Store has made headlines for questionable app approval. Last Thursday, popular password management app LastPass raised the alarm about a fake "LassPass" app that was imitating its design and feature set. Apple pulled the app about a day after the news was shared on media sites.

Article Link: Pirated Movie App Disguised as Vision Test Snuck Onto App Store
 

icanhazmac

Contributor
Apr 11, 2018
2,664
10,208
I wonder what/who is to blame here. Does Apple place an unrealistic goal of apps per day on their testers or did one of these folks wake up one day feeling a little lazy?

It has to be tough managing this at scale but Apple needs to do a better job. These optics are horrible.
 

Fuzzball84

macrumors 68020
Apr 19, 2015
2,443
5,648
I wonder what/who is to blame here. Does Apple place an unrealistic goal of apps per day on their testers or did one of these folks wake up one day feeling a little lazy?

It has to be tough managing this at scale but Apple needs to do a better job. These optics are horrible.
It probably wouldn't be so bad if they restricted apps to those of a certain quality… some of the apps you see in the store are just massively, massively questionable.

There is no real quality control like there is if they had been selling it in a physical Apple store of the days gone by.
 

coolfactor

macrumors 604
Jul 29, 2002
7,258
10,068
Vancouver, BC
I wonder what/who is to blame here. Does Apple place an unrealistic goal of apps per day on their testers or did one of these folks wake up one day feeling a little lazy?

It has to be tough managing this at scale but Apple needs to do a better job. These optics are horrible.

There needs to be accountability. They know who clicked "Approve". That person needs to be brought in for their own review and enhanced training.

Apple should publish this type of info — "Johnny B. approved this app on March 7, 2023". Put the name out there for the public to see.
 

Nermal

Moderator
Staff member
Dec 7, 2002
20,788
4,285
New Zealand
I wonder whether this might have been an app effectively wrapping a website. Have a "clean" website when the app's being reviewed, and then swap it out to the other one once it's passed approval. It wouldn't be the first time a developer's pulled that sort of stunt.

Or it could be total incompetence...
 

Populus

macrumors 603
Aug 24, 2012
5,180
7,524
Spain, Europe

coffeemilktea

macrumors 65816
Nov 25, 2022
1,040
4,319
I logged onto MacRumors early this morning and the first article I saw was about another streaming service charging people more and giving them less.

I logged onto MacRumors after dinner and now I see an article about a piracy app that could let me watch all the shows I wanted for free, except it was pulled from the App Store this morning.

There has to be some kind of ironic twist of fate here... 🤔
 

erikkfi

macrumors 68000
May 19, 2017
1,726
8,090
There needs to be accountability. They know who clicked "Approve". That person needs to be brought in for their own review and enhanced training.

Apple should publish this type of info — "Johnny B. approved this app on March 7, 2023". Put the name out there for the public to see.
What...? You're advocating Apple routinely doxx their own employees just in case one makes a mistake, so that we can all see exactly who, by name, to blame instead of the trillion-dollar company setting strict performance metrics on review times?
 

GMShadow

macrumors 68000
Jun 8, 2021
1,937
7,900
What...? You're advocating Apple routinely doxx their own employees just in case one makes a mistake, so that we can all see exactly who, by name, to blame instead of the trillion-dollar company setting strict performance metrics on review times?

Ah yes, it’s about metrics and not the fact that developers throw a massive hissy fit if their app takes more than 3.4 picoseconds to be approved.

Some of us weren’t born yesterday and remember how much devs used to scream when the reviews were all done by humans, because it often took a while.
 

Haiku_Oezu

macrumors 6502a
Oct 31, 2016
549
740
EDIT: taking a closer look at the screenshots it’s obviously a web app, clearly they pulled the old switcharoo after getting approved

I seriously doubt that’s how the app looked like when it got into the hands of the review team

It’s super trivial to have a server side flag that you can toggle at any time that could kick your user interface into a whole separate hierarchy of view controller if said flag is true

I’m willing to bet if you had downloaded this app and disconnected from the internet before launching it it would have kicked you into the vision test UI
 

JordanCautious

macrumors regular
Sep 26, 2023
209
521
I'll say the same thing here that I said on Reddit: Even if 100 apps like this one are found, reported on, and taken down, that’s still a 99.9% accuracy rate. Even if the number was 1000 apps...it still wouldn't make a dent in that number. There is literally over 1.6 million apps in the App Store lol. I think people forget the sheer scale of the App Store. But I do agree that Apple needs to improve the Review process or this will become a weekly headline.
 

waterskier2007

macrumors 68000
Jun 19, 2007
1,872
230
Novi, MI
People blaming Apple here likely have no idea how apps can function. It’s entirely possible this is either a web app that changed the functionality once it was approved, or if it is a native app, they probably had a remote feature flag that they changed after the app was approved. Both are incredibly simple to implement.

I’m not saying I guarantee Apple is not at fault, but there are VERY simple ways to get past app review and then completely change up the app functionality.
 

GrayFlannel

macrumors 6502a
Feb 2, 2024
512
928
EDIT: taking a closer look at the screenshots it’s obviously a web app, clearly they pulled the old switcharoo after getting approved

Even if 100 apps like this one are found, reported on, and taken down, that’s still a 99.9% accuracy rate.

More realistically, for every one found 100 weren’t since the old switcharoo is so simple.
 

1129846

Cancelled
Mar 25, 2021
528
988
EDIT: taking a closer look at the screenshots it’s obviously a web app, clearly they pulled the old switcharoo after getting approved

I seriously doubt that’s how the app looked like when it got into the hands of the review team

It’s super trivial to have a server side flag that you can toggle at any time that could kick your user interface into a whole separate hierarchy of view controller if said flag is true

I’m willing to bet if you had downloaded this app and disconnected from the internet before launching it it would have kicked you into the vision test UI

Even if not a web app super trivial to have a remote configuration downloaded. Hell a lot of apps do remote configuration. The app I work on we do it and turn on and off features. Configure the end point being used based on the country. It allows us to remotely update special feature or kill something that is not working remotely and with out an app update.

It allows for AB testing and so on.

Flip the flag for one way for review and flip it differently afterward. Review account does not get access to certain features.

This is more just showing what developers have known for a while. It’s just some people poking around but don’t understand the app. They are checking for rules compliance but super easy to get around.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.