Friday, March 15, 2024

Fake Bitcoin Wallet in the App Store

Even_Fan9110:

I got C$ 150k drained from my all my accounts right in front of my eyes after I put my seed phrase into this fake app from the apple Apple Store. I can’t believe apple lets apps like this on their App Store. Beware people don’t download this.

habeanf (via Maximiliano Firtman):

Earlier today I decided to switch my Android for an iPhone. After moving all my apps I decided to make the jump and move my bitcoin from the android wallet. I searched for ‘bitcoin wallet’ on the Apple App Store, installed the first app I saw (as far as I could tell, looks legit), transferred bitcoin, and it immediately got sent off. Turns out this app was previously reported at least 12 days ago as a scam but its still up there, #1 search result.

I get that I’ve failed to vet the app but honestly, how does a scam app become the #1 organic search result (not promoted) in the app store, topping binance, blockchain.com, and coinbase?

Previously:

11 Comments RSS · Twitter


There were a few versions of this comment that I found interesting…

When I first got an iPhone a few years back, this is the thing that shocked me most. This is completely out of line with what I expect from Apple. I don’t have "scams" per se, but the first result when searching for a keyword is systematically an ad for a competitor:

- Spotify -> Deezer
- Uber -> Heetch
- UberEats -> Deliveroo
- Deliveroo -> Ubereats
- My bank -> crypto.com

I haven’t used Android in a while, but this sounds like a pretty serious paradigm shift. Another example of how Apple just isn’t good at anticipating trails that diverge from the happy path (or at least not great at coding for those cases).

Like maybe you should have to slowly earn the right to advertise at certain levels? Or be vetted somehow? I mean, if an unknown dev account advertises its way to #1, why doesn’t that set off bells and get some qualified humans reviewing what’s up?


On Android I get a competitor at the top immediately followed by what I searched.

The ad is clearly labeled as an ad, and due to general basket blindness I can honestly say that what I actually searched for is much more prominent.

But the whole buying a competitors name as a keyword is hot garbage. Completely ruined Google imo


Great indifference to this practice from me also. Overcast bought an ad against Downcast, my current choice, so now I'm not sure I want to subscribe to or even try Overcast. Just really shitty, even though everybody does it.


So I did a search on my Galaxy S10e, which is running an older version of Android, but hopefully up to date with Google Play Services and Google Play Store, and the first result is the app I search for, then a row of sponsored content, followed by other related apps listed below. But I typed name of app, not type of app if that makes sense. I first tested with my bank app. To reiterate, I did Google Play store searches for all the suggested terms listed in the original post and got back all the actual search terms as first results. If you look up a category of app, say web browser, I get 3 sponsored choices and then the normal list. All three sponsored choices for web browser were legitimate apps;
DuckDuckGo, Microsoft Edge, Opera browser with AI.

If Apple is delivering a competitor as top billing, then they suck at actually fulfilling everything they've claimed about making their ecosystem safer. If Apple is delivering straight up scams as first results in category searches then why can't Apple itself be sued for hosting scam apps? Since Apple itself is the all seeing, all knowing, benevolent eye gazing lord of all things in AppleLand?


So is Apple going to try and collect 30% from the scammers now?


> If Apple is delivering a competitor as top billing, then they suck at actually fulfilling everything they've claimed about making their ecosystem safer.

Yes this happens all the time. It can happen “organically” but Apple actually sells this as a service via Apple Search Ads. It is prohibited to use a competitor’s name in your keywords but you can pay Apple a fee (in Apple search ads) to bypass this.

In fact many large companies buy ads and use their *own* App name name as a keyword in Apple Search ads to keep competitors at bay. For example if I type Candy Crush in the App Store search the first result I get is an *Ad* for Candy Crush and then the second result is the organic Candy Crush result (so the same app is listed twice in a row). What an amazing user experience!) Apple is double dipping the chip. If you click the first Candy Crush (the ad) they charge King an extra fee for the ad click.

I think this practice should be illegal but regulators often cause more problems than they solve (DMA is a fucking mess) and generally all regulations relating to software and the web make my life worse in the US. Every website shows a pop up about cookies now so if you browse the web in private browsing mode you see that same dialog over and over again.
I can’t thank the EU enough for protecting my privacy with that ridiculous pop up. Meanwhile they want small devs to publish their phone numbers on the App Store.


So is Apple going to try and collect 30% from the scammers now?

Sure! App review works and provides real value. Nobody could dispute this.


@ObjC4Life

> Every website shows a pop up about cookies now so if you browse the web in private browsing mode you see that same dialog over and over again.

It's not really the EU which is responsible for this but more:
- website developers who don't know how to code without using cookies.
- website managers who want to get metrics about everything.
- website owners who want to get more money at the expense of their visitors' privacy.

There's nothing that prevents a website from displaying the same ad (or rotating ads) to everyone. Instead we get all those dialogs with dark pattern so that those websites can display ads for either products you already purchased a few days ago or products you will never purchased.

I also particularly enjoy newspapers website complaining about Google stealing their articles and those same websites always displaying a fracking "sign in with Google" panel on their fracking front page.


@ObjC4Lif how is DMA a mess?


They bill devs 30% for the App Store services, which should guarantee the safety of those apps right? It's a "service" with no opt out they offer to avoid this exactly scenario, or so they claim. So Apple should be liable to every damage an app causes to its users when they fail to guarantee the safety of those apps.


OK aside from my bias that all blockchain enthusiasts are inherently gullible...

This story sounds fishy. Switched from Android to iPhone, just blindly installs and trusts and app, and gets scammed...

And then goes on to name the top three legitimate apps. Wait, what? You knew about these but not only downloaded but then logged in with all your money to just the first random thing you saw?

I agree the App Store has become a joke, but that story just doesn't make sense.

Leave a Comment