A fraudulent bitcoin app designed to impersonate a legitimate app passed Apple's approval filter and appeared on the App Store. User Phillipe Christodoulou used it to check the status of his 17.1 bitcoins (equivalent to $600,000) and the app stole them, according to the Washington Post.
Christodoulou wanted to check his bitcoin balance in February and searched the App Store for "Trezor", the company that makes the device in which he keeps his cryptocurrency. He saw an app with the Trezor logo and a green background, so he downloaded it and entered his credentials.
Unfortunately, the app was bogus and was designed to look legitimate to bitcoin owners. Christodoulou's entire bitcoin balance was stolen and, understandably, he is angry with Apple. "Apple doesn't deserve to get away with that," he told The Washington Post.
Apple is supposed to review every app submitted to the App Store to prevent iPhone users from downloading deceptive applications, but hundreds of rogue applications and copies of successful apps are known to exist. Some, such as the fake Trezor application, "sneak" through and have catastrophic consequences for users of Apple products, as in the present case.
Apple claims that the fake Trezor app passed App Store approval using the "bait and switch" technique. It was named Trezor and used the Trezor colors and logo, but it claimed to be an "encryption" app for encrypting iPhone files and saving passwords. The developer of the fake application assured Apple that it "had nothing to do with cryptocurrencies." Once the fake Trezor app was approved, it changed its functionality to become a cryptocurrency wallet, which Apple did not detect.
Apple declined to comment on how often fraudulent apps are discovered or how often they are removed from the App Store. The company said, however, that some 6,500 apps were removed last year for "hidden or undocumented functionality".
Apple acknowledged having discovered other fraudulent cryptocurrency apps in the App Store, but did not provide numbers or say whether there have been any fake Trezor apps in the past. Trezor does not offer an iOS app, and a Trezor spokesperson said he informed Apple and Google that such rogue apps have been around "for years."
Apple did not provide the Washington Post with the name of the developer of the fake Trezor app, nor did it say whether the developer had other applications in the App Store under other names or whether Apple had given the name to the authorities. Apple claims to have removed the fake Trezor app and expelled the developer once the real Trezor company reported it. Another fake app appeared two days later and Apple removed it as well.
British cryptocurrency regulator Coinbase says it has received around 7,000 reports of stolen crypto assets since 2019 and that fake apps on both the Google Play Store and the App Store are common complaints. In fact, at least five people had their cryptocurrencies stolen by the fake Trezor app for iOS, with losses of $1.6 million.
Data provided by Sensor Tower suggests that the fake Trezor app was on the App Store from January 22 to February 3 and was downloaded about a thousand times. The 17.1 bitcoins Christodoulou lost are worth a million dollars today, and Christodoulou says he hasn't heard from Apple so far.
Another iPhone user, who lost the equivalent of $14,000 in the cryptocurrencies Ethereum and bitcoin, claims that an Apple representative told him that Apple is not responsible for the losses caused by the fake Trezor app.
Opinion
We cannot stress enough how serious this situation is for Apple.
As the saying goes, you can't have it both ways. You can't stand in court defending your right to be the only store that can be used, because you control it and make sure everything is safe and private, and then say you bear no responsibility when thieves sneak into your garden.
It is obvious that Apple is responsible (even if only secondarily, which is not the case: it is directly responsible) for applications in its store stealing from users.
But in this case, moreover, to accept that an application uses the logo and colors of a cryptocurrency company, yet does not belong to that company and, according to its developer, has nothing to do with cryptocurrencies, is a mockery.
Given how strict Apple is with its own intellectual property, allowing unofficial applications that use logos and color schemes to clearly and unambiguously mislead users to be published on the App Store is grounds for a lawsuit.
If only for that, those apps should never be approved. But if an app looks like a company's, uses the company's logo and colors, and yet the developer says it has nothing to do with that company, shouldn't someone suspect the developer's intentions? At the very least, there should be reasonable doubt as to why a developer might want to pass off their application as something it isn't.
If Apple wants to have a private garden that everyone has to go through in order to install things on their devices, it is obviously responsible for what happens inside. Just as it takes credit when reporting the payments it makes to developers earning money on its App Store, it needs to take responsibility when thieves sneak in and steal from visitors.
Otherwise, as Fortnite and its colleagues from the Coalition for App Justice claim, it will just be hypocrisy and an argument of convenience that Apple uses when it suits it. And we don't like that Apple.