Bitcoin app accused of stealing $120,000 in another App Store failure [u]
Reports of another fake bitcoin wallet in the App Store are claiming that "Leather Wallet & Hiro Bitcoin" took over $120,000 in a single fraudulent transaction.
The App Store is meant to be safe from scam apps
Apple claims the EU is weakening App Store security, and executives including Craig Federighi stress that users are at risk if its review process is skipped by alternative app stores. But it appears that yet another scam app has made it through Apple's App Store review process.
Watch out. This scam wallet INSIDE Apple App Store stole 38,000 STX after importing. @muneeb please warn @Stacks community. https://t.co/gX0IC2ofiO
-- George Burke (@geoburke)
Financial app developer George Burke reports that the app, "Leather Wallet & Hiro Bitcoin," has stolen the equivalent of $121,448.22. Burke has provided a link to the transaction details, though it's not clear whether it's he or a client who was allegedly defrauded.
So far there are few other reports and responses to Burke's comment on X/Twitter, but one is from someone claiming that many people have been aware of the scam "for a while." There are also reports that Bitcoin developer Hiro -- fraudulently named in the app's title -- has contacted Apple.
According to its App Store listing, "Leather Wallet & Hiro Bitcoin" was added in late February. It is developed by a firm called Huynh Gia Hai Service Construction Trading One Member Company Limited.
The firm appears to have no other apps, and no online presence other than a privacy policy. That policy is required by Apple, but in this case the details are held on the third-party TermsFeed site.
Apple has now confirmed to AppleInsider that the app was on the App Store for approximately two weeks, but has now been removed. This is similar to how it reacted when it removed a different fake crypto app.
Updated: 11 March 2024 17:15 with Apple's response.
Comments
Set aside their notarisation processes (which is a great concept and really works!), the actual human review process is inefficient, prone to $$$ bias and Apple politics and human errors. Of the 30+ games and apps I deployed on iOS/iPadOS involving major media stakeholders, Apple sometimes just forgot to review our apps (staying in a queue for weeks), didn't communicate for days, rejected publication based on nonsensical reasons and misunderstandings, costing stakeholders thousands and thousands of dollars, especially when the app was tied to an important media announcement.
I could design a game that passes Apple review, but after 50 days suddenly changes from a game into a pornographic content video player and Apple would *never* know about it as part of their review process. Yes, my account would be banned as soon as the first complaints roll in, but by then the damage is done.
The truth is that Apple obviously cannot review every SKU on their store, even with a large team.
The primary reason for Apple to be the gate-keeper is not to protect the interests of its consumers, but themselves.
Which is what companies do, not just Apple.
So, I'm looking forward to other parts of the world forcing Apple (and similar competitors) to open up their ecosystem and allow for side-loading and third-party stores. This IS in the best interest of its users.
Security and privacy are things that are covered by a lot of laws. They don't fall exclusively under one directive or another.
It is entirely possible that alternative app stores could provide better protection than Apple. It's possible they might not of course.
Absolute protection is impossible but there is a lot that can be done to improve things. You would think that something like comparing app names for similar names and raising flags for closer inspection would be perfect for AI but we've seen a few examples over the past months where apps have got through the system while looking very similar to existing, legitimate apps.
And given the state of the tech industry, I'm quite certain that these alternative app stores will simply be that: trojan horses for data harvesting. For those who argue that nobody will be forced to use them, I can well imagine that there will be some social media/messaging app which is exclusive to one of those app stores (paid for by the company behind that store), and once all your friends are using that app to communicate/share, you won't have a choice but to sign up and download it from that store to keep connected to your social circle.
As you said, this is what companies do: look out for their own best interest. I'll take the companies which are dependent on the quality of the products they create directly for their customers, not the ones which are dependent on the quality of the customer data they can get for their real customers (advertisers and/or AI companies).