{"id":42080,"date":"2024-02-09T19:30:11","date_gmt":"2024-02-10T00:30:11","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=42080"},"modified":"2024-02-14T11:01:55","modified_gmt":"2024-02-14T16:01:55","slug":"fraudulent-lasspass-app","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2024\/02\/09\/fraudulent-lasspass-app\/","title":{"rendered":"Fraudulent LassPass App"},"content":{"rendered":"<p><a href=\"https:\/\/blog.lastpass.com\/2024\/02\/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store\/\">Mike Kosak<\/a>:<\/p>\n<blockquote cite=\"https:\/\/blog.lastpass.com\/2024\/02\/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store\/\">\n<p>LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store. The app in question is called &ldquo;LassPass Password Manager&rdquo; and lists Parvati Patel as the developer.  The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/www.macrumors.com\/2024\/02\/08\/fake-lastpass-app-in-apple-app-store\/\">Juli Clover<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.macrumors.com\/2024\/02\/08\/fake-lastpass-app-in-apple-app-store\/\"><p>It doesn&rsquo;t use exactly the same icon and the name is a letter off, but the similarities could confuse some LastPass users.<\/p><p>It is unclear if the fake LassPass app is attempting to steal login information from users, but it does have options for adding passwords, email accounts, addresses, bank accounts, credit cards, debit cards, and more. It doesn&rsquo;t ask for a LastPass login of any kind, but it is possible that the developer can see information added to the app.<\/p><p>[&#8230;]<\/p><p>Clone apps often make their way into the  App Store , but the app impersonating LastPass is particularly concerning because it could be accessing sensitive information. It is not clear how an app mimicking one of the most popular password management apps was approved by Apple, and its discovery comes at a critical time for the company.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/daringfireball.net\/linked\/2024\/02\/08\/lastpass-lasspass-scam-app\">John Gruber<\/a>:<\/p>\n<blockquote cite=\"https:\/\/daringfireball.net\/linked\/2024\/02\/08\/lastpass-lasspass-scam-app\">\n<p>Branscombe is correct that even isolated incidents like this hurt Apple&rsquo;s arguments in favor of App Store exclusivity. But what&rsquo;s the counterargument? That anything short of 100 percent accuracy at flagging scams and rip-offs renders the entire App Store review process pointless? That if, say, 1 in every 1,000 scam attempts slips through, the entire process should be scrapped? That argument can&rsquo;t be taken seriously.<\/p>\n<\/blockquote>\n<p>A few points:<\/p>\n<ul>\n<li><p>The question isn&rsquo;t whether it&rsquo;s pointless&mdash;it&rsquo;s whether it does more harm than good. Aside from bad apps getting through, there are many legitimate apps that are inappropriately blocked or delayed.<\/p><\/li>\n<li><p>And whether one half of a duopoly should be able to dictate which software is available for what is many people&rsquo;s primary computing platform.<\/p><\/li>\n<li><p>We have no idea what the real numbers are, but various third-party reports suggest that many scam apps remain in the store, even after reporting to Apple. And, of course, some have even been <em>featured<\/em> by Apple.<\/p><\/li>\n<li><p>The App Store <em>enables<\/em> these scams. If users downloaded apps from the Web, such scams wouldn&rsquo;t have the Google juice to get traction, but they can rocket to the top of the App Store search results just by having a name that&rsquo;s shares a prefix with a hit product. Secondly, Apple has successfully convinced the general public that the App Store is curated, so people are trusting of what they download. They&rsquo;re lulled into a false sense of security.<\/p><\/li>\n<\/ul>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2024\/01\/25\/dma-compliance-alternative-app-stores-but-no-sideloading\/\">DMA Compliance: Alternative App Stores But No Sideloading<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/08\/10\/the-top-pdf-reader-in-the-mac-app-store\/\">The Top PDF Reader in the Mac App Store<\/a><\/li>\n<\/ul>\n\n<p id=\"fraudulent-lasspass-app-update-2024-02-14\">Update (2024-02-14): <a href=\"https:\/\/mastodon.social\/@tolmasky\/111909609958630114\">Francisco Tolmasky<\/a>:<\/p>\n<blockquote cite=\"https:\/\/mastodon.social\/@tolmasky\/111909609958630114\"><p>Imagine an FDA as half-assed as the App Store, accidentally only requiring cancer warnings on <em>some<\/em> cigarettes, leading people to buy the cigarettes that &ldquo;don&rsquo;t cause cancer.&rdquo; That&rsquo;s the App Store.<\/p>\n<p>[&#8230;]<\/p>\n<p>A curated hellhole full of gambling traps for children that somehow still manages to let scams run for a week is nothing to be proud of, even if it is better than a competitor that isn&rsquo;t even trying. Once upon a time we expected more from Apple.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Mike Kosak: LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store. The app in question is called &ldquo;LassPass Password Manager&rdquo; and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface, though close examination of the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2024-02-10T00:30:13Z","apple_news_api_id":"ce2e9e28-0b87-4564-ba18-c42850c4c172","apple_news_api_modified_at":"2024-02-14T16:02:00Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAABA==","apple_news_api_share_url":"https:\/\/apple.news\/Azi6eKAuHRWS6GMQoUMTBcg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[91,2036,31,2321,2553,1410],"class_list":["post-42080","post","type-post","status-publish","format-standard","hentry","category-technology","tag-appstore","tag-app-store-scams","tag-ios","tag-ios-17","tag-lasspass","tag-lastpass"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/42080","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=42080"}],"version-history":[{"count":6,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/42080\/revisions"}],"predecessor-version":[{"id":42105,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/42080\/revisions\/42105"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=42080"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=42080"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=42080"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}