Topics
tardy
AI
Amazon
Image Credits:Bryce Durbin / TechCrunch
Apps
Biotech & Health
Climate
Image Credits:Bryce Durbin / TechCrunch
Cloud Computing
Commerce
Crypto
Image Credits:App Store screenshot, courtesy of Appfigures
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Government & Policy
ironware
layoff
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
certificate
Social
infinite
Startups
TikTok
Transportation
Venture
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
video
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Apple has removed a fake app that wasmasquerading as parole manager LastPasson the App Store . The illegitimate app was listed under an individual developer ’s name ( Parvati Patel ) and copy LastPass ’s branding and exploiter port in an effort to put off drug user . Beyond being bring out by a different developer that was not LastPassowner LogMeIn , the fake app also had various misspellings and clues that indicated its deceitful nature , LastPass said . That such an obviously fake app got through Apple ’s App Review process is a bad look for the tech behemoth , which has been arguing against new regulations , like the EU ’s Digital Markets Act ( DMA ) , by claiming these laws would compromise client base hit and privateness .
Apple state that the DMA , which allows for third - company app fund and payments , could put consumer at risk because they ’ll be able to carry on job outside its App Store with unknown party . Bad actors could potentially utilize the new ordinance to trick consumer into buying subscription that are difficult to set off . They could even direct consumers with malware , Apple had warned .
When introducing its plan for DMA complaisance , Apple wrote , “ The new option for processing payments and downloading apps on iOS open newfangled boulevard for malware , pseudo and scams , illicit and harmful content , and other privacy and security threat . ”
But in this case , the threat to consumers was coming from within the App Store itself — not a third - party website .
Still , how expectant of a menace the fake app in reality was remain uncertain .
According to datum from app intelligence activity providerAppfigures , the fake app was released on January 21 , which gave it a dyad of week to entrance users ’ aid . But several consumer seemed to have beguile on that the app was not legit , as all of its App Store review were warning to others that the app was fraudulent , the firm noted .
The fake app also leverage the keyword “ LastPass ” to rank in the lookup results for the terminal figure , but this did n’t get it very far — it only outrank No . 7 in the search results early today , Appfigures said .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
In addition , the app never ranked on any of Apple ’s Top Charts , either its Overall Free Apps chart or those by category , Appfigures said . That lack of traction bespeak that the app likely attend only a fistful of downloads before being pull .
While the app likely did n’t manage to dupe many consumers , it could have . What ’s more , it ’s upsetting to learn that LastPass had to warn customers publically about a fake app that never should have been published in the first place . And after its blog post was published , the app did n’t get removed from the App Store until the following day .
In all likeliness , Apple fill action against the app by pull it down from the App Store after closet reputation . Apple has been ask for comment , but one was not directly provided .
LastPass tell TechCrunch it was in touch with Apple representatives over the matter , including how the app father through App Review .
“ Upon seeing the bogus ‘ LassPass ’ app in the Apple App store , LastPass instantly get a coordinated and multi - faceted approach across our scourge intelligence , effectual and engineering squad to get the fraudulent app removed , ” said Christofer Hoff , chief unattackable engineering officer for LastPass , in a program line provided to TechCrunch . “ Our threat intelligence squad post a web log yesterday to fire awareness and avail inform the public and our customers of the spot . We are in direct liaison with representatives from Apple , and they have confirmed receipt of our charge , and we are working through the procedure to have the fraudulent app removed . ”
Hoff total that the society is working with Apple to “ sympathise more broadly how an lotion like this pass their commonly stringent security measures and mark protection mechanisms . The key convention , the iconography , and the description of the fraudulent app are all to a great extent borrowed from LastPass , and this appear to be a careful attempt to target LastPass users , ” he said .
Apple confirmed on Friday the app had been hit and its Jehovah was ban from its Apple Developer Program , per Review Guideline which deals with impersonate apps . The fellowship declined to partake in a public input .
Updated , 2/8/24 , 2:30 PM ET with LastPass gossip ; 2/9/24 12:57 PM ET with Apple verification of removal
