Fake LastPass in App Store

https://www.intego.com/mac-security-blog/apple-is-distributing-a-fake-lastpass-password-manager-in-the-app-store

The timing is terrible. Just when Apple is trying to convince the world their heavy-handed app store approach is required to keep users safe.

And another one. Apple “reviewed” and hosted (since Sep!) an app on the App Store that helped pirate movies. It didn’t even hide the fact. It took a Verge article full of online shaming to get Apple’s attention. Wonder what else that app did on people’s phones or could have done, with Apple’s permission.

I hope EU regulators take good note. And remind Apple that at some point facts matter.

Such lapses are indeed embarrassing for Apple, but without knowing all the numbers in the equation, it’s hard to know what Apple’s hit rate on blocking problematic apps is and thus how concerned to be. If Apple is evaluating 1 million apps and updates per year, and 10 slip through, that’s a lot different than if 100,000 are slipping through.

4 Likes

It’s not just about “slipping through”. It’s just as much about how long potentially nefarious apps remain available. 6 months is certainly longer than I would expect the interval between internal audits to be. Of course, the question arises if there is such auditing at all or if perhaps checks only ever take place if/when an app is updated. That would then mean that once the perps notice their app has “slipped through” they’d know just not to update it and from then on it’s smooth pickings.

1 Like

Given that there are over 1.8 million apps in the App Store, I’d be surprised if Apple would run significant internal auditing at all unless the standard vetting automation was changed in such a way that it would be worth running it against already accepted apps to see if it identified new problems. But I have no inside knowledge either way.

1 Like

Apple argued strongly (and rightly in my view) about the dangers inherent in the EU’s requirement to “open the walled iOS garden”.

Having failed to convince the EU, Apple then spent a lot of brain power, time and money devising an apparently complicated, high-hurdle alternative app store which I’m given to understand barely meets the EU’s requirements – effectively giving the EU a two-finger salute.

If Apple truly believes its own arguments and that it has a moral obligation to “keep users as safe as possible”, I think Apple’s obliged to put the resources in place to fully vet every app/update it allows into its app store – yes, all 1.8 million plus apps.

If it doesn’t believe those things and it’s really just about the money, then surely Apple’s obliged to establish a proper alternative app store, without the hoops and hurdles.

To a certain extent, it is all about the money. Many of Apple’s actual objections to “opening up” the App Store the way the EU wants relate to provisions that have nothing to do with security or safety, but rather with Apple’s ability to make more money from developers and be arbitrarily opaque about what allows some questionable apps to get through while others with no nefarious intent are rejected without telling developers enough about what’s wrong to be able to correct the issues.

If Apple were to open the App Store to meet what the EU really wants, they would have to reduce their monopolistic monetization and be more transparent about acceptance criteria. To avoid this, Apple claims that it’s all about ensuring that bad content is kept out of the App Store—even though their track record on this is obviously open to interpretation.

But if Apple admits to any flaws in its review process, that opens them to stronger justifications for forcing the App Store to be less restrictive, on the grounds that they’re not being as successful as they claim at stopping junk and therefore their heavy-handed guidelines aren’t necessary, because they don’t actually work all that well.

When all is said and done, though, the fact that incidents with bad apps getting through, like the bogus LastPass and pirate streaming ones, are notable, widely reported, and infrequent suggests that their process is mostly successful. With 1.8 million apps currently available, the fact that issues like this are reported only from time to time, as compared to the sometimes daily reports of bad Android apps, should mean that Apple is, overall, doing a good job with keeping out the crap.

Yet, there are still problems with Apple’s guidelines, problems that aren’t particularly relevant to safety and security. Which brings us back to where we started: Apple is using the “security” argument to justify guidelines and processes that are not necessary for security.

It’s a circular argument, and I think deliberately so. If Apple can keep bringing the argument back to “security”, they can avoid having to admit that many of their policies aren’t about security at all. They can argue that the EU wants Apple to throw the baby out with the bathwater while claiming that the bathwater is necessary for the baby’s survival.

It’s entirely Apple’s choice how many apps they want to host. If they can’t properly inspect all 1.8M, then perhaps they need to remove the amount they cannot handle (considering at least half the apps are complete garbage anyway, that should be rather simple). Or just admit that their talk about the iOS closed single store being the only thing between bliss and abyss is, well, mostly talk. Of course, those of us who are familiar with Mac already knew that, seeing as we can keep our Macs safe and productive in spite of being able to download software from pretty much anywhere.

1 Like

Those of us who use Macs and download software from “pretty much anywhere” are a lot more risk-aware than most of the people who use iOS. To the rest of them it’s an appliance and they have no clue what security practices are (just think of the number of people who use Facebook, Instagram, TikTok, Snapchat and have no idea what they are opening themselves up for)…

3 Likes