The App Store Scammer Strikes Back
First, Virus Protection for Phone is back in the App Store! The App Store URL is the same, and the developer is the same, Virtual Advisors Limited. The app version history shows a large gap, with version 1.8 released in February 2025, before my blog post, and version 1.9 released just a few days ago. In retrospect, I have no way of knowing whether Apple removed the app from the App Store. The notoriously secretive corporation certainly didn’t make any kind of statement. It’s possible that the app developer voluntarily unpublished the app after noticing the bad publicity.
The second update to the story is that the same scammer appears to have a second scam app in the App Store iPhone Cleaner - Virus Protect under a different developer account, Ranger Bookie Investments LLC. How did I discover this second app? The same way I discovered the first app: an advertisement on a sketchy video streaming website.
[…]
According to AppFigures, iPhone Cleaner - Virus Protect had 65,000 downloads and an estimated net revenue of $310,000 worldwide over the last month. That’s more money than I make in a year! I guess crime does pay.
[…]
For example, curiously, neither developer (they’re surely one and the same developer) identifies as a trader in the European Union, despite the fact that both apps have In-App Purchases.
Looking at the Top Free Apps list on the Mac App Store as I write this line, the 6th most popular app is called “AI Chatbot · Ask AI Anything 5.2”. It sits right after Microsoft Excel and CapCut, and before Microsoft PowerPoint. No, this app — unrelated to OpenAI — is not fishy at all (!) and the Mac App Store is very safe. The 12th most popular app on the list is “HP: Print and Support”. Great, great stuff.
A fake Mac app designed to look like the real thing snuck past Apple’s app review team, costing users $9.5 million in cryptocurrency.
According to CoinDesk, a fake macOS version of the Ledger Live crypto wallet app scammed people into handing over access to their cryptocurrency wallets. More than 50 people fell victim to the fake app between April 7 and April 13.
Ledger has an official Mac app, but it is distributed via the Ledger website and not through the Mac App Store.
With unhappy timing, news of this scam broke in the same week as the banning of Freecash, as reported by Macworld’s sister site TechCrunch. In adverts, Freecash offered to pay users to scroll on TikTok, but this was a flimsy veil for its real purpose: harvesting sensitive data. By installing and running the app, users were giving up data about anything from their religion to their sexual orientation, which the makers happily sold on to third parties.
[…]
That decision would appear to indicate that Freecash does not, contrary to its makers’ protestations, meet the standards of Apple’s App Store. (The Android app is still showing up for me in Google search, but the URL it directs to no longer works. Presumably, then, it’s been kicked off Google Play too.) But once again, it’s unclear why Apple’s vetting team wasn’t able to spot this shortcoming before welcoming the app on to the company’s official storefront. Or why it took so long to take action against an app whose murkier practices had been highlighted by journalists months previously.
[…]
This week has been unusually bad, but stories of this sort don’t come as a surprise any more. The App Store of 2026 is absolutely stuffed with slop, scams, and clones, propped up by an ecosystem of fake reviews pushing undeserving apps to the top of the charts. Phil Schiller was complaining about “insane” scam apps 14 years ago, and to the casual eye it’s difficult to see that things have got any better.
[…]
If running an app store is too much trouble, close it down. If comprehensive vetting is impractical, stop pretending the App Store is completely safe. (And definitely stop scaremongering about sideloading.) If you can’t make the App Store a truly reliable resource for good, safe, legitimate software, then give iPhone users the freedom to install from other places. Or just stop pretending the App Store monopoly is about anything other than revenue.
Price calls the App Store “rotten” — is there any other word? — and says Apple should “give iPhone users the freedom to install from other places. Or just stop pretending the App Store monopoly is about anything other than revenue” if it cannot effectively police its wares. I imagine Apple would argue it enforces its rules all the time and sometimes things just get through.
But that kind of response only reveals the scale of the store and, consequently, the problem: nobody can effectively govern this many items, especially when they are all user-submitted.
Three scam apps I mentioned in my blog post are still in the crApp Store:
Stronix VPN, Reliable VPN, Privacy Pro VPN
Two mentioned apps are gone, but one already left and came back, so we don’t know if it was Apple or the developer who removed them.
Previously:
- Mac App Store Review Times Increasing
- Free With In-App Purchase Is a Sham
- App Store Trader Status Deadline
- Virus Protection for Phone
Update (2026-04-17): Sarah Perez:
When reached for comment, Almedia, the Germany-based company that owns Freecash, denied allegations of driving artificial traffic to its platform or using deceptive marketing techniques.
“Our apps are fully compliant with the Apple App Store and Google Play Store policies, as demonstrated by the fact that they are live and regularly pass platform reviews,” an email from Almedia PR manager James Law, signed “Almedia Press Office,” noted.
[…]
A Washington Post report about the scam app ecosystem noted this trend, highlighting several fraudulent apps that would disappear from the App Store and then reappear under a different developer account. Other independent investigations have documented this tactic as well, and often, scam apps’ owners operate a portfolio of accounts, it’s been reported.
As I have repeatedly written, it boggles my mind why Apple doesn’t have an App Store “bunco squad” that targets scam and fraud apps that are popular and/or high-grossing. It’s folly to think that the App Store could ever be completely free of scam apps. But it’s absurd that this app Freecash rose to #2 in the App Store, with millions of downloads, and Apple only took a look at and removed it after TechCrunch asked about the app.
There is no way Apple would fund a “bunco squad” whose sole job was to reduce Apple’s revenue. They simply are not being hit by the consequences of the crap that is on the App Store. They are more than big enough and powerful enough to peddle the clearly false statement that the App Store keeps you safe, while making 30% off scamming victims and addicts, and people will continue to believe it’s all good.
William Gallagher and Mike Wuerthele:
We also know that this isn’t new. But it is escalating, and getting far, far worse and more prevalent.
[…]
Apple cannot take a high ground and say only it can protect users, when it is not actually protecting them as well as it could and should.
[…]
It would unquestionably add to Apple’s workload if it checked on an app a few hours or a few days after allowing such an update. But this is a known method that scammers use to get by the App Store review team.
[…]
After we reported less than four days ago about the fraudulent apps, Apple got back to us. They repeated the same talking points that they always do when an app gets pulled after it steals money from users, or some other nefarious deed. […] Essentially the same email was sent to us 29 times over the last decade. The emails used verbatim quotes 17 times over that timespan.
Update (2026-04-21): Lin Xi Qin:
Three of the four apps offer “lifetime” subscriptions for $99.99, an economically impossible promise for any product whose ongoing cost scales with user activity. One of them links to a privacy policy that, on close reading, is a copy-paste from a completely unrelated app the same developer previously published. Another ships screenshots advertising “AI Content Detector” and “Humanizer” features that, by their nature, exist to evade OpenAI’s own AI-detection tools — a direct violation of OpenAI’s usage policy for its API.
[…]
What the HTTP capture shows is that the app presents users with a model selector containing GPT-5.4 and GPT-5.3 options — charges them premium subscription fees — and then, when they actually send a query, the code substitutes the cheapest model available and pockets the price differential as margin.
This is not a trademark technicality. It is commercial fraud in the plain sense.
[…]
On March 30, 2026, The Daily Tech Feed published a technical investigation of the first two apps — the Hira Amin “5.4” and the Hadiqa Bashir “5.2.” Their analysis, based on direct examination of the compiled binaries and captured network traffic, documents that the two apps are not independent products from independent developers. They are duplicated instances of the same underlying software, distributed through two separate Apple developer accounts.
Finally, never misinterpret claims made of an app’s credentials. Although every App Store app is reviewed by Apple, experience has shown that’s far from being a reliable protection from fraud.
[…]
I’m afraid that when it comes to checking potentially fraudulent apps, you’re still responsible for making your own decisions. Please choose wisely.
Update (2026-04-28): Ravie Lakshmanan (tweet):
The 26 apps, collectively dubbed FakeWallet, mimic various popular wallets like Bitpie, Coinbase, imToken, Ledger, MetaMask, TokenPocket, and Trust Wallet. Many of these apps have since been taken down by Apple following disclosure. There is no evidence that these apps were distributed via the Google Play Store.
[…]
These apps have icons that mirror the original but have intentional typos in their names (e.g., LeddgerNew) so as to trick unsuspecting users into downloading them. In some cases, the app names and icons have no connection to cryptocurrency. Instead, they are used as placeholders to direct users to download the official wallet app through them, claiming they are “unavailable in the App Store” due to regulatory reasons.
Kaspersky said it also identified several similar apps likely linked to the same threat actor that do not have the malicious features enabled, but have been found to mimic a benign service, such as a game, a calculator, or a task planner. Once launched, these apps open a link on the web browser and leverage enterprise provisioning profiles to install the wallet app on the victim’s device.
11 Comments RSS · Twitter · Mastodon
I don't understand how Schiller of all people could be "complaining" 14 years ago and nothing has changed. That's right up there with Federighi calling minor, long overdue iOS features "an age of wonders." It's your software dude, I don't know what you think is funny.
And of course Heer is correct. Apple can't claim 100% protection, so they shouldn't demand 100% compliance. It's already abundantly clear that developers of good software have rejected the Mac App Store because its limitations are clearly almost entirely to Apple's benefit and no one else's.
One thing I find interesting is that these are often the same class of apps, and they technically aren't exploiting anything but people. If people willingly enter their wallet keys or activate VPNs without knowing the consequences, I'm not sure what Apple or anyone else is supposed to do about that.
Trying to filter out all scams is a very difficult task that Apple has clearly not set themselves up to succeed at. Especially when they have thousands of games with a very thin line between gaming/gambling/scamming.
But as Johnson points out, those are all extremely profitable, so the incentives are terribly misaligned.
“Our apps are fully compliant with the Apple App Store and Google Play Store policies, as demonstrated by the fact that they are live and regularly pass platform reviews,”
Oh my, thing that everyone earned about happens.
"We're not crooked, Apple says so"
It’s a shame Apple as an organisation haven’t cared enough about security of their customers to allocate the resources needed to ensure it in the App Store.
It’s a walled garden with a lot of breaks in the wall - I wouldn’t even recommend a non-tech friend or family member to search for anything in the App Store as the result are almost certain to be full of scams and crappy rip-offs.
Things could have been so much better but alas…
If you want things to change, there is a simple law to pass: make the Shop seller responsible of what they sell legally.
I guarantee you the day Apple can be sued for what they sell in their shop and all the scams, things will change fast.
This article raises valid concerns about misleading AI apps on the Mac App Store, but the analysis is incomplete and selectively framed. Any serious discussion of App Store abuse must be grounded in Apple’s own App Review Guidelines and applied consistently across all developers operating in this space.
A clear omission is Neural Techlabs, whose apps exhibit patterns that align directly with multiple guideline violations.
First, model misrepresentation. Apps are advertised using labels such as “GPT-5.4, while actual runtime responses indicate usage of GPT-4.1-class models. This is not a minor discrepancy — it is a material misrepresentation of product capability. Apple’s guidelines require that app metadata and claims be accurate and not misleading. Presenting a higher-tier model than what is actually delivered violates that standard.
Second, misleading branding and metadata usage. These apps consistently use terms like “ChatGPT,” “OpenAI,” and “Gemini” across screenshots, titles, and keyword metadata. The visual design, naming, and positioning closely resemble official products, increasing the likelihood of user confusion. Apple explicitly prohibits copycat representations and warns against using trademarked terms or metadata in a way that misleads users or attempts to game search rankings.
Third, repeated template-based app distribution. Multiple apps from this developer — including both “ChatGPT-style” and “Gemini-style” variants — share nearly identical UI layouts, interaction flows, and structural patterns, with only superficial changes such as color. This strongly indicates reuse of a common template rather than independently developed applications. Under Apple’s “Design Spam” and “Copycat” provisions, this type of pattern is a known abuse vector.
Additionally, at least one ChatGPT-style app from this developer has previously been removed, reportedly due to copycat presentation involving icons and screenshots, and later reappeared with similar characteristics. Repeated submission of near-identical apps after enforcement action raises serious compliance concerns under Apple’s Developer Code of Conduct.
Relevant apps:
https://apps.apple.com/us/app/ai-chat-bot-ask-ai-anything/id6447312365
https://apps.apple.com/us/app/ai-chat-bot-for-google-gemini/id6502608500
The issue here is not about targeting one developer over another. It is about applying Apple’s rules consistently. Apple’s guidelines clearly prohibit misleading metadata, inaccurate claims, copycat branding, and spam-like app distribution strategies. If these standards are enforced selectively, the result is an incomplete and misleading narrative about the state of AI apps on the App Store.
A comprehensive analysis should evaluate all developers exhibiting these patterns, verify advertised model capabilities against actual behavior, and assess how branding and UI design contribute to user deception. Without that, the discussion remains partial and fails to address the broader systemic issue.
> This article raises valid concerns about misleading AI apps on the Mac App Store, but the analysis is incomplete and selectively framed.
This is a strange criticism. My blog post was never intended to be a "complete" or "comprehensive" analysis. It's just some stuff I happened to notice.
> A comprehensive analysis should evaluate all developers exhibiting these patterns
Who exactly are you talking to? If you're talking to Apple, ok, but otherwise, nobody has time to look at every app in the crApp Store.
@Jeff: I'm pretty sure they aren't talking to anyone... I'd bet money that was written by AI prompted to write a rebuttal.
It is following a formula and demonstrates no awareness of the conversation on this page.
"I'd bet money that was written by AI prompted to write a rebuttal."
I had the same thought. It's the typical kind of "lots of very professional-sounding words that say nothing helpful and are addressed to nothing anyone actually said" format that LLMs spew out when they're asked to criticize something. It also has some of the phrases that are common in LLM-generated text.
The actual claim the comment makes, that any criticism of the App Store should be exhaustive ("should evaluate all developers exhibiting these patterns"), is so harebrained that it's difficult to believe that an actual human with an actual brain came up with it.
It does have links in the comment, maybe Google juice, although they do have nofollow. But it would be kind of clever to post vaguely critical comments for an app that nobody reads, while juicing its SEO. It could also just be some OpenClaw-style experiment. Dunno, people do shitty stuff for no real reason all the time.
