Man blames Apple for bitcoin theft by fake app in App Store

Posted in iOS, edited April 3
Apple has been blamed for enabling a scam app to steal bitcoin worth $600,000 from a man, by listing in the App Store a fake app that pretended to be from another company.




Cryptocurrency owner Phillipe Christodoulou discovered an app he had installed on his iPhone was fake in February, when he went to check his savings. The app, which was supposedly a companion app for cryptocurrency storage device producer Treznor, turned out to not be associated with the firm at all.

The mistake cost the user dearly, with Christodoulou claiming he had lost 17.1 bitcoin, which was valued at $600,000 at the time, reports the Washington Post. The app was fake, and had effectively handed over the cryptocurrency to scammers.

The app was listed in the App Store under the Treznor brand, though the company doesn't produce apps for its hardware wallets. Instead, thieves created the app and hosted it on the App Store in January in a bid to steal funds.

Checking the Treznor wallet showed there were no funds stored on it at all.

According to Christodoulou, the app was listed as having close to five stars in its reviews, which helped him trust the app enough to download it. Since the event, he is no longer happy with Apple, which he noted reviews apps before they appear in the App Store in the first place.

"They betrayed the trust that I had in them," said Christodoulou. "Apple doesn't deserve to get away with this."

According to Apple, the app made it into the App Store by changing its purpose after getting into the store. The app was presented for review as a "cryptography" app, with the claim that it "is not involved in any cryptocurrency," allowing it to appear in the App Store from January 22.

At a later time, the app changed purpose into a cryptocurrency wallet, a move that Apple doesn't allow. After being informed by Treznor about the fake app, Apple pulled it and banned the developer, but it was swiftly followed up by another Treznor app hitting the App Store.

While Apple did initially ban cryptowallets from the App Store, it allowed them in 2014, while also placing many restrictions on how the apps functioned. There are now many ways to buy cryptocurrencies from an iPhone and other Apple hardware,

"User trust is at the foundation of why we created the App Store, and we have only deepened that commitment in the years since," said Apple spokesman Fred Sainz. "In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future."

Apple said it removed some 6,500 apps from the App Store in 2020 for having "hidden or undocumented features," many of which were scam apps.

Christodoulou isn't the only one to have been affected by the scam, with Coinfirm claiming five people have reported thefts via the iOS app totaling $1.6 million. Fake Treznor apps on Android are also thought to have stolen a total of $600,000.

Scam apps and other bad actors continue to be an issue for online storefronts like the App Store. So-called "fleeceware" on iOS and Android that relies on high subscription fees has cost consumers more than $400 million, research from Avast claimed in March, but while such apps are morally questionable, they're technically legal.

Developers have also complained about scam apps that attempt to copy established apps, including marketing videos, but charge users a subscription while not providing all of the promised features. The complaints include how the apps are manipulating App Store reviews to get high scores, with fake praise cancelling out negative complaints.

Comments

  • Reply 1 of 38
    Fred257 Posts: 75 member
    If Apple is found to be negligent they need to pony up the cash to this guy
  • Reply 2 of 38
    Treznor or Trezor? :smile: 
  • Reply 3 of 38
    Fred257 said:
    If Apple is found to be negligent they need to pony up the cash to this guy
    The guy was scammed and this is sad but saying it’s on Apple when the company misrepresented itself and then made a change to go undetected. It doesn’t look like Apple was negligent. 

    I’m not victim blaming but let’s say you had 600k cash that you wanted to put in a bank account. Would you just randomly put it in a website that you have never heard of or would you at the minimum research it beyond a generic star rating? Why would you not do this for another form of currency? 

    People with crypto need to be highly aware where they store their coin. 
  • Reply 4 of 38
    geekmee Posts: 453 member
    This is true... Apple store is responsible for every evil app that succeeds. And Apple has a history of ill content on top of that. And I am sure Apple did this maliciously as well.
    Or... That is why you hire a team of lawyers, when you want to blame others, and keep the focus off of your failures or the app makers intentions.
    Who cares if this philosophy is morally questionable, as long as it is technically legal.
    As long as he doesn’t pay for his mistakes.
    edited March 30
  • Reply 5 of 38
    geekmee Posts: 453 member
    Fred257 said:
    If Apple is found to be negligent they need to pony up the cash to this guy
    I would look up the meaning of the word “negligent” to see if it applies to this case.
  • Reply 6 of 38
    omasou Posts: 109 member
    Hurry up Epic get that lawsuit moving...the world wants and needs the non-Apple iOS controlled app stores you promised </s>
    edited March 30
  • Reply 7 of 38
    ralphie Posts: 64 member
    omasou said:
    Hurry up Epic get that lawsuit moving...the world wants and needs the non-Apple iOS controlled app stores you promised </s>
    Because Apple app vetting process is SO much better ... LOL.
    edited March 30
  • Reply 8 of 38
    crowley Posts: 7,507 member
    How did the app change its purpose after getting into the store?  And in a way that meant this guy was fooled into thinking it was a crypto wallet?

    Something sounds fishy here.  At the very least there’s a hole in Apple’s processes.

    Though I have limited sympathy for anyone who has any involvement with Bitcoin or any crypto nonsense.
  • Reply 9 of 38
    sflocal Posts: 5,486 member
    Apple shares some responsibility here, but not much.  Be it by Apple's own success, the App store is filled with crap apps and it is not doing enough to prevent the slow rot of the App Store.  Apple needs to allocate some serious resources to clean house and jettison not only bad apps, but bad players and implement a system to prevent these miscreants from ever getting back in.

    I stay on an iPhone because I "trust" that Apple better curates the App Store from bad players than the wild-west that is Android.  Considering how un-godly rich Apple is, it can and should do better with scam apps.

    That being said, if this were my bitcoin, I sure as hell would not trust some app on the App Store with $600K unless it was fully vetted, and researched by me.  I do not trust reviews whatsoever. 
    edited March 30
  • Reply 10 of 38
    The main purpose of the app review process is to protect Apple's business from app developers and users of apps. Apple has automation that carefully checks that its API is being used correctly by an app developer and thereby greatly restricts what a user is allowed to do. The app review process as designed cannot determine if an app or a company is fake. If I made a new developer account and claimed to be Acme Hole Company, Apple would never contact the real Acme Hole Company to find out whether the app really belonged to them or not. Instead Apple waits for users to report apps as malicious and then takes action if there are enough complaints. Of course by then the fake app developer has already made their money and just sets up a new fake developer account and app. Always keep in mind that most of Apple's security is for Apple not for you.

    Apple's problem is that since they curate apps, they have taken on the responsibility for the apps in the App Store. They would have been protected if they had allowed any app on the App Store since no user would trust them. Instead they have tried to build trust by saying that the App Store is safe because apps are reviewed. Users have no understanding that "safe" only applies to Apple's technology and not their own information.

    If Apple wants to fix this problem it should do two things:
    1. Identify its developers in some secure way that prevents developers from pretending to be someone they are not. Collect biometrics (voice, facial features, retina scans, etc.) of developers before allowing them to publish anything.
    2. Trust developers who have a long track record of releasing safe apps and dealing with customers honestly. Use that trust to grant them additional API access to sensitive features (like being able to request access to a user's personal information).
    edited March 30
  • Reply 11 of 38
    zimmie Posts: 496 member
    Fred257 said:
    If Apple is found to be negligent they need to pony up the cash to this guy
    The guy was scammed and this is sad but saying it’s on Apple when the company misrepresented itself and then made a change to go undetected. It doesn’t look like Apple was negligent. 

    I’m not victim blaming but let’s say you had 600k cash that you wanted to put in a bank account. Would you just randomly put it in a website that you have never heard of or would you at the minimum research it beyond a generic star rating? Why would you not do this for another form of currency? 

    People with crypto need to be highly aware where they store their coin. 
    Well, I am victim-blaming here. Situations like this are literally the reason real banks for real currencies have FDIC oversight and mandatory deposit insurance, and why investment banks have SIPC oversight and insurance. This person intentionally opted out of that system. He decided to use unregulated banks, so the consequences of that decision are on him.
  • Reply 12 of 38
    gatorguy Posts: 22,812 member
    crowley said:
    How did the app change its purpose after getting into the store?  And in a way that meant this guy was fooled into thinking it was a crypto wallet?

    Something sounds fishy here.  At the very least there’s a hole in Apple’s processes.

    Though I have limited sympathy for anyone who has any involvement with Bitcoin or any crypto nonsense.
    If you read the source article Apple has no way to prevent it.

    The gentleman had purchased a hardware wallet from Trezor which he had good success with, and when seeing the "matching app" in the App Store would be forgiven for downloading it, as it had a matching logo, name and description, and considering Apple's vetting of each and every app, would have been comfortable with it being from Treznor. Worse, the only way Apple becomes aware that the app morphed is for users to report it. By that time damage is done.

     I don't know why but I had simply assumed that by a human vetting the apps they could not do the exact same thing we read Android apps sometimes doing. So what's the difference between the two stores? 
    edited March 30
  • Reply 13 of 38
    mac_dog Posts: 865 member
    Damned if they do, damned if they don’t. Currently, devs cry bcoz the process takes too long. If Apple were to scrutinize everything, they would need more time to get apps. 
  • Reply 14 of 38
    noelos Posts: 117 member

    Well, I am victim-blaming here. Situations like this are literally the reason real banks for real currencies have FDIC oversight and mandatory deposit insurance, and why investment banks have SIPC oversight and insurance. This person intentionally opted out of that system. He decided to use unregulated banks, so the consequences of that decision are on him.
    So if this had been a fake app representing itself as the banking application of a regional bank and had defrauded the user that way, it would be Apple’s fault?

    Apple’s scrutiny of the app and its later releases, its failure to validate the publisher against a known entity, and its failure to stop the company using fake reviews to get close to 5 stars all mean Apple isn’t running the safe and secure App Store it claims  to.
  • Reply 15 of 38
    EsquireCats Posts: 1,117 member
    Is this not a perfect demonstration for why all transactions need to go through Apple? I appreciate that this is bitcoin related, but one can’t help to see the analogy between Epic’s vision for the App store and the massive level of fraud that this invites. 
  • Reply 16 of 38
    docno42 Posts: 3,515 member
    Having been a while since I went looking for something in the App Store, I was dismayed at all the duplicate and obvious scam apps that permeate search terms. 

    A being able to validate legit from scam apps is a joke.   I used to be a defender of Apple and only the one store model but especially in the last several years with their inconsistent application of their rules I have zero faith in their ability to deliver the original promise of Apple being the benevolent dictator and delivering the ideal user experience.  Even code signing hasn’t delivered the promised panacea. 

    Time to open it up for those who want the option. For users who don’t go out of their way nothing would change - but there do need to be alternate paths.  Life isn’t without risk and it turns out that yes, the cure really was worse than the disease :disappointed: 
  • Reply 17 of 38
    docno42 Posts: 3,515 member
    Is this not a perfect demonstration for why all transactions need to go through Apple? I appreciate that this is bitcoin related, but one can’t help to see the analogy between Epic’s vision for the App store and the massive level of fraud that this invites. 



    Lol - everything goes through Apple and this still happened. So yes, by all means stick to the same already failed model :tongue: 
  • Reply 18 of 38
    docno42 Posts: 3,515 member
    noelos said:
    Apple’s scrutiny of the app and its later releases, its failure to validate the publisher against a known entity, and its failure to stop the company using fake reviews to get close to 5 stars all mean Apple isn’t running the safe and secure App Store it claims  to.


    This is the real issue - it’s nigh impossible to suss out the legitimate from bogus on the App Store today.  Publisher websites, names, related apps used to be a LOT easier to find. App pages today are a jumbled mess - it’s a muddled disaster. 
  • Reply 19 of 38
    viclauyyc Posts: 640 member
    mac_dog said:
    Damned if they do, damned if they don’t. Currently, devs cry bcoz the process takes too long. If Apple were to scrutinize everything, they would need more time to get apps. 
    Honestly, given how much money and resources they sit on, they should do a lot better.  All they need to do is hire a few thousand capable people.

    If Apple is Whole Food, and they sell a fake product that is poisonous and kills someone, I don’t think Apple can get off the hook. People buy things from Whole Food because they believe it is a trustworthy company and trust they offer quality and safe products.

    Apple build their IOS brand as a safe and quality system, and they better live up to it.  
  • Reply 20 of 38
    dmdev Posts: 33 member
    Credentials?? I think more likely this software asked for his 12/24 word recovery phrase, which should only ever be entered into the hardware itself.