Monday, November 7, 2016

Fake Retail Apps Are Surging Before Holidays

Vindu Goel (via Hacker News):

The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.

[…]

Some of them appeared to be relatively harmless — essentially junk apps that served up annoying pop-up ads, he said.

But there are serious risks to using a fake app. Entering credit card information opens a customer to potential financial fraud. Some fake apps contain malware that can steal personal information or even lock the phone until the user pays a ransom. And some fakes encourage users to log in using their Facebook credentials, potentially exposing sensitive personal information.

[…]

Many of the fake retail apps have red flags signaling that they are not real, such as nonsensical menus written in butchered English, no reviews and no history of previous versions.

Benjamin Mayo:

Detecting malicious activity is a hard problem at scale — the App Review process has to handle thousands of apps every day — but it does seem like Apple could be doing more to protect the store from counterfeit software … especially with big, well-known, brands like Nike or Puma.

Update (2016-11-08): Nick Heer:

Contrary to the article, these apps did not appear “just in time for the holidays” — rather, that’s when the Times and New York Post noticed them. Even though Apple has now removed the apps from the App Store, there’s evidence around the web that these apps have been in the store since mid-September.
