Apple bills the App Store as a “safe space” for customers and developers. It has a review process that’s meant to look over every app before it’s approved for sale, which is meant to keep customers from being preyed upon. However, it doesn’t always pan out that way.
As reported today by The Washington Post, one customer ran into a bit of trouble from one scam Bitcoin app. A bit is underselling it, honestly, because that app actually stole a lot of money from Phillipe Christodoulou. According to the report, Christodoulou was looking for an app related to a piece of hardware he uses to store Bitcoin. He found an app that seemed to be the real deal, with the same logo he’s familiar with, and it had a rating that’s “close to five stars”.
Basically, it looked legit.
He downloaded and installed the app, signed in with his credentials, and then, in “less than a second”, Christodoulou lost nearly all of his life savings. In total, he lost 17.1 Bitcoin worth $600,000. Which is absolutely not a small amount of money.
However, while Christodoulou is probably angry enough at the thieves who stole his life savings, it’s actually Apple that has earned the majority of his rage. He says that Apple billed the App Store as a safe place to download apps, to basically avoid this very thing from happening. And yet, it happened, and now his life savings is gone.
He says:
They betrayed the trust that I had in them. Apple doesn’t deserve to get away with this.
As for how Apple got to this point, it’s what Apple calls a “bait-and-switch” maneuver. The app used the name of a trusted device, and used the company’s logo in the app’s icon. The app’s developer said it had nothing to do with cryptocurrency itself, but instead encrypted iPhone files and stored passwords. The switch came after the app was approved, when it became a cryptocurrency wallet. Apple was not able to detect that change, however, according to the report.
Of course, the Coalition of App Fairness, which includes companies like Spotify, Epic Games, and others, weighed in on the situation:
Apple frequently pushes myths about user privacy and security as a shield against its anti-competitive App Store practices,” said Meghan DiMuzio, executive director of the Coalition for App Fairness, which was formed to fight Apple’s power over its App Store. “The truth is, Apple’s security ‘standards’ are inconsistently applied across apps and only enforced when it benefits Apple.
And Apple’s own spokesperson said Apple focuses on trust, especially for consumers, and the company takes “swift action” against people who defraud App Store customers:
User trust is at the foundation of why we created the App Store, and we have only deepened that commitment in the years since,” said Apple spokesperson Fred Sainz. “Study after study has shown that the App Store is the most secure app marketplace in the world, and we are constantly at work to maintain that standard and to further strengthen the App Store’s protections. In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future.
Apple won’t comment on how many scam apps are located in the App Store on a regular basis, or how many it removes.
Interestingly, mobile analytics firm Sensor Tower says that Apple approved the fake app on January 22 of this year. It took the real Trezor company (which the fake app was based on) reporting the fake app before Apple finally removed it. Apple also reportedly banned the developer as well.
This is not a great look for Apple, of course, because it does try so hard to promote safety in the App Store. These types of scams are relatively common on Google Play (Android’s digital storefront) and on the web, of course, but those platforms aren’t backed by Apple’s words and high hopes.
It’s a scary story, to say the least, and it should tell all of us that even though the App Store is most of our digital storefront of choice, we need to be careful of the apps we download and install.