Apple fighting to stem fake Bitcoin apps on App Store
Apple is reportedly working to counter an influx of counterfeit Bitcoin wallets on the App Store, which in some cases may be robbing users of coins worth thousands of dollars.
In a little over a week, over 10 such apps made it onto the App Store despite Apple's review process, according to Motherboard. A company spokeperson said that all of the offending apps have been removed.
The software was mimicking legitimate wallet apps such as BitGo, Breadwallet, and Coinbase, apparently using portions of the apps' source code to take on the same look. In the case of a Breadwallet clone, customers are thought to have lost at least $20,000 -- half of that belonging to one victim.
Developers of Bitcoin apps will sometimes make their source code public for the sake of transparency, particularly important given past incidents with the cryptocurrency. This is also believed to be making spoofing easier, however.
It's not clear how the fake apps made it past Apple screening, but Breadwallet co-founder Aaron Voisine suggested that Apple should be verifying the identities of people uploading apps into the App Store's Finance category.
In a little over a week, over 10 such apps made it onto the App Store despite Apple's review process, according to Motherboard. A company spokeperson said that all of the offending apps have been removed.
The software was mimicking legitimate wallet apps such as BitGo, Breadwallet, and Coinbase, apparently using portions of the apps' source code to take on the same look. In the case of a Breadwallet clone, customers are thought to have lost at least $20,000 -- half of that belonging to one victim.
Developers of Bitcoin apps will sometimes make their source code public for the sake of transparency, particularly important given past incidents with the cryptocurrency. This is also believed to be making spoofing easier, however.
It's not clear how the fake apps made it past Apple screening, but Breadwallet co-founder Aaron Voisine suggested that Apple should be verifying the identities of people uploading apps into the App Store's Finance category.
Comments
Couldn't agree more. Every player that provides an app store for phones, including, Google and Microsoft, should be doing this.
I guess you did not read the article, the app Developers release the source code to their software so others look through their code to make sure it does not have security flaws, the problem was they created the flaw by releasing the source code the bad players copied the code and submitted as the original source code. they also probably mimic the software developer themselves to make it look like the developer was the one actually submitting the update.
Yeah Apple could have put some sort of two step verification process for app submittals, but developer should not be put their source code out in the wild, the developer is the one who holds most of the liability here.
Imagine if your bank openly shared their source code for their online banking software, would you feel safe using their app for online backing.