As Apple has stepped up its promotion of its App Store as a safer and more trustworthy source of apps, its operators scrambled Thursday to correct a major threat to that narrative: a listing that password manager-maker LastPass said was a “fraudulent app impersonating” its brand.
At the time this article went live on Ars, Apple had removed the app—titled LassPass and bearing a logo strikingly similar to the one used by LastPass—from its App Store. At the same time, Apple allowed a separate app submitted by the same developer to remain. Apple provided no explanation for removing the former app or for allowing the latter one to remain.
Apple warns of “new dangers” from competition
The move comes as Apple has beefed up its efforts to promote the App Store as a safer alternative to competing sources of iOS apps mandated recently by the European Union. In an interview with App Store head Phil Schiller published this month by FastCompany, Schiller said the new app stores will “deliver new dangers”—including pornography, hate speech, and other forms of objectionable content—that Apple has long kept at bay.
“I’ve no qualms in saying that our objective is always going to be to make the App Store the most secure, finest place for customers to get apps,” he told writer Michael Grothaus. “I believe customers—and the entire developer ecosystem—have benefited from that work that we’ve performed along with them. And we’re going to keep doing that.”
Somehow, Apple’s app-vetting process—long vaunted even though Apple has provided few specifics—failed to spot the LastPass lookalike. Apple removed LassPass Thursday morning, two days, LastPass said, after it flagged the app to Apple and one day after warning its users the app was fraudulent.
“We’re raising this to our customers’ attention to avoid potential confusion and/or loss of personal data,” LastPass Senior Principal Intelligence Analyst Mike Kosak wrote.
There’s no denying that the logo and name were strikingly similar to the official ones. Below is a screenshot of how LassPass appeared, followed by the official LastPass listing:
Here yesterday, gone today
Thomas Reed, director of Mac offerings at security firm Malwarebytes, noted that the LassPass entry in the App Store said the app’s privacy policy was available on bluneel[.]com, but that the page was gone by Thursday, and the main page shows a generic landing page. Whois records indicated the domain was registered five months ago.
There’s no indication that LassPass collected users’ LastPass credentials or copied any of the data it stored. The app did, however, provide fields for users to enter a wealth of sensitive personal information, including passwords, email and physical addresses, and bank, credit, and debit card data. The app had an option for paid subscriptions.
A LastPass representative said the company learned of the app on Tuesday and focused its efforts on getting it removed rather than analyzing its behavior. Company officials don’t have information about precisely what LassPass did when it was installed or when it first appeared in the App Store.
The App Store continues to host a separate app from the same developer, who is listed simply as Parvati Patel. (A quick Web search shows many individuals with the same name. At the moment, it wasn’t possible to identify the specific one.) The separate app is called PRAJAPATI SAMAJ 42 Gor ABD-GNR, and a corresponding privacy policy (at psag42[.]in/coverage.html) is dated December 2023. It’s described as an “software for Ahmedabad-Gandhinager Prajapati Samaj app” and further as a “platform for group.” The app was also recently listed on Google Play but was no longer available for download at the time of publication. Attempts to contact the developer were unsuccessful.
There’s no indication the separate app violates any App Store policy. Apple representatives didn’t respond to an email asking questions about the incident or its vetting process or policies.