Fraudulent LassPass App
LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store. The app in question is called “LassPass Password Manager” and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent.
It doesn’t use exactly the same icon and the name is a letter off, but the similarities could confuse some LastPass users.
It is unclear if the fake LassPass app is attempting to steal login information from users, but it does have options for adding passwords, email accounts, addresses, bank accounts, credit cards, debit cards, and more. It doesn’t ask for a LastPass login of any kind, but it is possible that the developer can see information added to the app.
[…]
Clone apps often make their way into the App Store , but the app impersonating LastPass is particularly concerning because it could be accessing sensitive information. It is not clear how an app mimicking one of the most popular password management apps was approved by Apple, and its discovery comes at a critical time for the company.
Branscombe is correct that even isolated incidents like this hurt Apple’s arguments in favor of App Store exclusivity. But what’s the counterargument? That anything short of 100 percent accuracy at flagging scams and rip-offs renders the entire App Store review process pointless? That if, say, 1 in every 1,000 scam attempts slips through, the entire process should be scrapped? That argument can’t be taken seriously.
A few points:
The question isn’t whether it’s pointless—it’s whether it does more harm than good. Aside from bad apps getting through, there are many legitimate apps that are inappropriately blocked or delayed.
And whether one half of a duopoly should be able to dictate which software is available for what is many people’s primary computing platform.
We have no idea what the real numbers are, but various third-party reports suggest that many scam apps remain in the store, even after reporting to Apple. And, of course, some have even been featured by Apple.
The App Store enables these scams. If users downloaded apps from the Web, such scams wouldn’t have the Google juice to get traction, but they can rocket to the top of the App Store search results just by having a name that’s shares a prefix with a hit product. Secondly, Apple has successfully convinced the general public that the App Store is curated, so people are trusting of what they download. They’re lulled into a false sense of security.
Previously:
Update (2024-02-14): Francisco Tolmasky:
Imagine an FDA as half-assed as the App Store, accidentally only requiring cancer warnings on some cigarettes, leading people to buy the cigarettes that “don’t cause cancer.” That’s the App Store.
[…]
A curated hellhole full of gambling traps for children that somehow still manages to let scams run for a week is nothing to be proud of, even if it is better than a competitor that isn’t even trying. Once upon a time we expected more from Apple.
6 Comments RSS · Twitter · Mastodon
I'm not sure I buy that scams couldn't get off the ground without the App Store, though I readily agree it makes a much broader target vector.
That said, as much as I think Gruber is overcharacterized at times as a loyalist cheerleader, he really can't pull his head out of his ass some days. Not very long ago he was arguing for an elite team with the App Store hierarchy that would actively root out scams, but now he's got a straw man of "burn it to the ground" to punch around instead of addressing the actual problem.
The most infuriating part is not that they ever make mistakes (sure, it happens) but that they have the time to scrutinize and shoot down apps for the most trivial of reasons, but apparently can’t even be bothered to look, even once, at who the listed developer is for something purporting to be a top app with major security implications. Really? Really???
@Kevin I kind of think it’s a strawman, but, realistically, burning it to the ground may be the only way to see major changes here. Apple has had many years to show that they don’t care.
> the App Store is curated
Yes, but if an App Store is to be curated by idiots or employees who accept bribes, how would that help?
I'm not a lawyer so one thing I don't understand is how Apple has apparently never been sued in the US for the App Store scams.
It's not curated. The PlayStation Store is curated. The Nintendo seal of quality was curated.
Millions of pay to win apps that copy each other isn't even close to curated.
Sigh. Gruber reduced to reductio ad absurdum. If there's a pot for his retirement fund, I'll gladly contribute.
Ultimately it is not known whether Apple will do a better job than any potential alternative, but there are good reasons—like this recent and particularly egregious example—to believe that it couldn't do worse. And frankly, my odds are on the latter, because Apple has a monopoly on the App Store, and therefore no incentive to do its job properly. And that's why we should support alternatives including, IMO, "sideloading".