Apple boasts that its branded App Store is a safe haven. The same cannot be said about Google Play, where you can find malicious applications. But not everything is so simple and Apple does not have a mechanism that 100% guarantees that low-quality software does not fall into the open spaces of the application store.
After going through the milestones of Apple’s verification, a fraudulent app called Trezor for trading cryptocurrency entered the App Store. Many thought it was an app from Trezor, a company that specializes in creating hardware wallets for cryptocurrency. Working with this program, the user Phillipe Christodoulou lost 17.1 bitcoins and at the current exchange rate it is about $ 600 thousand, they were simply stolen. But he was not the only victim of the scammers. There were at least 4 more people who lost their cryptocurrency and the total damage amounted to $1.6 million.
iOS app stole $ 1.6 million in bitcoins from users
It is quite logical that the victims blamed everything on Apple; which allowed the appearance of fraudulent software on the App Store. For its part, the Cupertino-based company said that the developers of the application got through the app store through a bait-and-switch technique. Simply put, they provided a safe version of the app for safe storage of data for verification; and after it was given the go-ahead for placement in the App Store, they changed it to a cryptocurrency wallet.
Alas, the fact of the substitution was not detected in time and the creators of the fraudulent software managed to profit quite well. The incident prompted an App Store audit, which resulted in the removal of several apps from the store. What kind of applications it is, how many of them turned out to be and what they were using, the company does not announce.
“User trust is at the foundation of why we created the App Store; and we have only deepened that commitment in the years since,” said Apple spokesperson Fred Sainz. “Study after study has shown that the App Store is the most secure app marketplace in the world; and we are constantly at work to maintain that standard and to further strengthen the App Store’s protections. In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future.”
It is worth mentioning that a similar fraudulent Trezor app was created for Android devices as well. But Trezor then managed to warn users that it did not have a mobile application; and warned them against installing fake apps. A similar notice was sent to Google, which quickly removed the fake Trezor wallet last December.