Apple pulled a fake app masquerading as password manager LastPass from the App Store – Cyber Tech

Apple has removed a fake app that was masquerading as password manager LastPass on the App Store. The illegitimate app was listed under an individual developer’s name (Parvati Patel) and copied LastPass’s branding and user interface in an attempt to confuse users. Beyond being published by a different developer that was not LastPass owner LogMeIn, the fake app also had numerous misspellings and clues that indicated its fraudulent nature, LastPass said. That such an obviously fake app got through Apple’s App Review process is a bad look for the tech giant, which has been arguing against new regulations, like the EU’s Digital Markets Act (DMA), by claiming these laws would compromise customer safety and privacy.

Apple said that the DMA, which allows for third-party app stores and payments, could put consumers at risk because they’ll be able to conduct business outside its App Store with unknown parties. Bad actors could potentially take advantage of the new regulation to trick consumers into buying subscriptions that are difficult to cancel. They could even target consumers with malware, Apple had warned.

When introducing its plan for DMA compliance, Apple wrote, “The new options for processing payments and downloading apps on iOS open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats.”

But in this case, the threat to consumers was coming from inside the App Store itself, not a third-party website.

Image Credits: App Store screenshot, courtesy of Appfigures

Still, how big of a threat the fake app actually was remains uncertain.

According to data from app intelligence provider Appfigures, the fake app was launched on January 21, which gave it a few weeks to capture users’ attention. But a number of consumers appeared to have caught on that the app was not legitimate, as all of its App Store reviews were warnings to others that the app was fraudulent, the firm noted.

The fake app also leveraged the keyword “LastPass” to rank in the search results for the term, but this didn’t get it very far: it only ranked No. 7 in the search results earlier today, Appfigures said.

In addition, the app never ranked on any of Apple’s Top Charts, either its Overall Free Apps chart or those by category, Appfigures said. That lack of traction indicates that the app likely saw only a handful of downloads before being pulled.

While the app likely didn’t manage to dupe many consumers, it could have. What’s more, it’s upsetting to learn that LastPass had to warn customers publicly about a fake app that never should have been published in the first place. And after its blog post was published, the app didn’t get removed from the App Store until the following day.

In all likelihood, Apple took action against the app by pulling it down from the App Store after press reports. Apple has been asked for comment, but one was not immediately provided.

LastPass told TechCrunch it was in contact with Apple representatives over the matter, including how the app got through App Review.

“Upon seeing the fake ‘LassPass’ app in the Apple App store, LastPass immediately began a coordinated and multi-faceted approach across our threat intelligence, legal and engineering teams to get the fraudulent app removed,” said Christofer Hoff, chief secure technology officer for LastPass, in a statement provided to TechCrunch. “Our threat intelligence team posted a blog yesterday to raise awareness and help inform the public and our customers of the situation. We’re in direct contact with representatives from Apple, and they have confirmed receipt of our complaints, and we’re working through the process to have the fraudulent app removed.”

Hoff added that the company is working with Apple to “understand more broadly how an application like this passed their usually rigorous security and brand protection mechanisms. The naming convention, the iconography, and the description of the fraudulent app are all heavily borrowed from LastPass, and this appears to be a deliberate attempt to target LastPass users,” he said.

Apple confirmed on Friday the app had been removed and its creator was banned from its Apple Developer Program, per the Review Guideline which deals with impersonating apps. The company declined to share a public comment.

Updated, 2/8/24, 2:30 PM ET with LastPass comment; 2/9/24 12:57 PM ET with Apple confirmation of removal
