Archive for February 19, 2024

Monday, February 19, 2024

Fraudulent Rabby Wallet App

Filipe Espósito:

As shared by Rabby Wallet on X (via CoinTelegraph), there’s an imposter app available on the App Store using the platform’s name and identity. Named “Rabby Wallet & Crypto Solution,” the app has been available on the App Store for at least four days. On Reddit, some users claim to have had their money stolen by the fake crypto app.

[…]

Affected users have been trying to contact Apple to warn the company about the scam, as well as the real developers behind Rabby Wallet. However, days later, the imposter crypto app remains available on the App Store. Furthermore, Rabby Wallet claims to have submitted its official app to the App Store, but Apple approved the fake app before the real one.

Unfortunately, this is not the first time that a fake Rabby Wallet app for iOS has been approved by Apple.

See also: Apple Support Community.

Update (2024-02-20): John-Anthony Disotto:

It appears that the fake Rabby Wallet application is no longer available as iMore wasn’t able to access the listing on the App Store, but the damage has, unfortunately, already been done.

[…]

While every app on the App Store goes through a strict approval process, some can fall through the cracks, like in 2021 when one iPhone user lost $600,000 in Bitcoin to a similar crypto app scam.

Update (2024-02-27): Joshua Long:

It isn’t clear exactly when the Curve Finance app first made it into the App Store. The fake Rabby Wallet app was likely available starting on February 14, given the date on which the fake app’s Facebook page was created and the first (negative) review was posted.

The fake Curve Finance app somehow had a “4.6 out of 5” star rating, with apparently nine five-stars and a single one-star rating. Meanwhile, the fake Rabby Wallet app wasn’t pre-loaded with fake ratings, so it had a “1.0 out of 5” due to two one-star ratings.

[…]

Both fake finance apps used the real products’ names. This time the fake apps’ developers didn’t even try to hide behind typosquatting or similarly spelled names; they just went directly for stealing the names of the companies and products they were mimicking.

Hidden Messages Features in iOS 17

Tim Hardwick:

If you press and hold the + button, you will be dropped straight into your photo library, ready to select the pictures you want to send.

[…]

Thankfully, in iOS 17, Apple improved the search function so that you can combine search queries and narrow down results to quickly find the messages that you’re looking for. If you’re looking for an image or link from a certain person, for example, first type in the person’s name, then tap “Messages with: [person’s name]”.

Next, select the “Photo” or “Link” filter that appears, and Messages will narrow down the search results further. You can then enter an additional keyword and Messages will show you any links or pictures containing the word. Alternatively, you can start a search with a keyword and then filter the results by person, link, photo, or location.

The Messages feature I’d like to see is being able to Tapback or easily reply from within a notification on macOS.

iOS RCS Support Due to China

John Gruber (9to5Mac, Hacker News):

So even if iMessage had been deemed a “gatekeeper” messaging platform by the European Commission — which it was not — adding RCS support to the iPhone Messages app would not have mattered a whit when it came to DMA compliance.

[…]

But then why did Apple do a 180° turn on RCS? I can’t say for certain, alas, but after spending the last few months periodically poking around the trees inhabited by little birdies, I do have good news for fans of coercive government regulation. Apple’s hand was effectively forced. But by China, not the EU.

Chinese carriers have been proponents of RCS for years, and last year, the Chinese government began the process of codifying into law that to achieve certification, new 5G devices will be required to support RCS. (Here’s a good English translation on Reddit of the parts relevant to Apple.) Shockingly, the Chinese government seemingly isn’t concerned that the RCS standard has no provisions for encryption. The little birdies I’ve spoken to all said the same thing: iOS support for RCS is all about China.

Eric Schwarz:

Personally, the current state of iPhone-to-Android SMS/MMS is terrible, so I’m looking forward to RCS—it’s not something my Android-using pals need to adapt to message me with other services or half-baked iMessage implementations. Is RCS perfect? No, but it’s a drop-in-place improvement over what we currently have.

Update (2024-02-20): See also: MacRumors.

Reporting a Full Disk Access Bug to Apple

Beatrix Willius:

Update from Ventura to Sonoma.

[…]

It is still possible to access the Mail folder even though FDA has been revoked. This also happens for other apps like Find Any File. I revoked FDA for Find Any File and was still able to search for emails in the Mail folder.

[…]

On 21-Sep-2023, I reported the bug to Apple as a security issue. Apple requested videos demonstrating the problem, code snippets, and screenshots. This took place over several weeks in November. At some point between the end of November 2023 and February 2024 the case was closed. Apple stated that they were not able to identify a security issue[…]
