There’s a lot of buzz around a recent purge of fake retail apps from the App Store. So we wanted to take a closer look at the issue.

These fake retail and product apps were simply pretending to be something they are not, targeting consumers at the peak of the Christmas shopping season. In this case, they are fully functional and plausible apps, but they are designed to entice users to buy goods that will never arrive while allowing the scammers to collect credit card data.
By all accounts the apps looked and felt very legitimate and had no problem sailing through the Apple App Store approval process. It’s concerning that this happened so soon after 250 apps collecting users’ PII were removed from the App Store. But really the message is still very clear: think twice before entering credit card details when using a mobile app.
Apple has a massive job on its hands validating all the apps that are submitted for approval. The sheer quantity alone must make it a mammoth task. Often the initial app approval is the one where the most care is taken, and updates tend to be easier to get through. It appears that knowledge of the approval mechanics helped some developers get ‘less than honest’ apps approved over time.
It also seems like the connectivity requirements are not a ‘solid approval requirement’ in terms of which servers or services the apps communicate with. To quote a report:
“If they (developers) want us (Apple) to evaluate apps in detail based on where they’re sending data, that would take months of review and analysis before an app goes live,”
In other words, they can’t look at all the apps at that level of detail before approving them.
Security does not start and end with the device, the app or the OS it runs on. Security is the sum of all the parts. Any weakness, in any part, is a chink in the overall armour and at risk of being exploited.
What about encryption? Of course all transactions should be encrypted, it’s a mainstay of digital security. However, it’s just as easy to encrypt a scam transaction as it is a legitimate one. As we’ve seen before with a number of fake sunglasses scams, fraudulent shopping sites and apps fail to protect users’ sensitive information.
The App Store approval process is very comprehensive, Apple takes security very seriously, and most apps run and function as expected and leverage all the built-in security features. It’s just that the businesses behind these apps were crooked.
Who helps you stay protected against that?