Forgot your password?
typodupeerror
Iphone Security Apple

Tor Project: Fake Tor App Has Been In Apple's App Store For Months 78

Posted by Unknown Lamer
from the well-he-paid-his-developer-fees-so-... dept.
itwbennett (1594911) writes "For the past several months Tor developers have unsuccessfully been trying to convince Apple to remove from its iOS App Store what they believe to be a fake and potentially malicious Tor Browser application. According to subsequent messages on the bug tracker, a complaint was filed with Apple on Dec. 26 with Apple reportedly responding on Jan. 3 saying it would give a chance to the app's developer to defend it. More than two months later, the Tor Browser app created by a developer named Ronen is available still in the App Store. The issue came into the public spotlight Wednesday when people involved in the Tor Project took to Twitter to make their concerns heard. Apple did not respond to IDG News Service's request for comment."
This discussion has been archived. No new comments can be posted.

Tor Project: Fake Tor App Has Been In Apple's App Store For Months

Comments Filter:
  • by Anonymous Coward on Thursday March 20, 2014 @04:43PM (#46538037)

    Apple can burn a book in seconds [theregister.co.uk] for showing a little bit of flesh, yet an application may be getting their users tortured in dictatorships and it takes them months to fix.

    I think we know who's been working for the NSA and then denying involvement; don't we.

  • by Anonymous Coward on Thursday March 20, 2014 @04:44PM (#46538059)

    If you're trying to use TOR on an Apple device, you're doing it wrong.

  • Typical Apple idiocy (Score:5, Interesting)

    by bazmail (764941) on Thursday March 20, 2014 @04:46PM (#46538073)
    They took about 30 seconds to take down that breast feeding app (a BREAST!!!), but something so utterly evil like an app that promises anonymity and delivers spyware gets to live on for months? Sounds like Apple may have received a National Security letter about this fake Tor app (i.e. leave it alone!) and are playing dumb.
  • nothing new here, Apple have always put profits before security
  • by SuperKendall (25149) on Thursday March 20, 2014 @04:50PM (#46538109)

    The article was pretty slim (even the links to discussion within) on detail as to just WHAT they consider to be adware/spyware about the app...

    I would hope that some random person could not an app pulled because of it simply having ads.

    The spyware thing is way more a concern - so in what aspect is it spyware? Is it sending back everything you browse to some third party? The problem is that even in that case, I don't know it should necessarily be pulled - that could just be metrics the app developer is collecting. It's shady but not necessarily a reason to pull the app. All of the comments I could see related to being "spyware" were about ads knowing location, but that's not uncommon for ads, and a user can simply deny location services when the are running the app (as I do for any browser I run).

    Also of course, there's the claim that the app is a "fake" which would imply it does not actually browse using TOR. It doesn't seem that way from the reviews - those could be faked of course but it seems like you would ALSO see reviews noting it does not work at all. It's not like people do not LOVE to read one-star reviews for an app when they are unhappy for any reason....

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      It was last updated on Nov. 6 and only one of the three customer reviews so far includes a complaint about how ads are being displayed, with the reviewer noting that the app is very good at what it does otherwise.

      vs.

      Tor Browser in the Apple App Store is fake. It's full of adware and spyware. Two users have called to complain. We should have it removed.

      I think the root cause of the complaint is the Tor Project afraid that this app will tarnish their [adjective] name. You are right that neither the story nor the Tor panic page have anything even mildly resembling evidence of wrongdoing with the app in question.

      As often as I am disgusted by Apple, there needs to be some actual evidence of wrongdoing to justify removing an app. None has been presented, so I cannot side with the Torers until they manage to provide some.

    • Not fake... (Score:2, Interesting)

      by Anonymous Coward

      as much as "not an official release".

      When you are working with something like the TOR network and you want to stay as secure and (hopefully) as safe as possible, you want everything to be officially released. If the browser bundle in the store is not official, you don't know *exactly* what is in it or if they added anything to it. That alone is scary. Especially if you know & trust the TOR project and expect the same from the app as you get from their other browser bundles.

      "Fake" is definitely the wr

      • by SuperKendall (25149) on Thursday March 20, 2014 @05:12PM (#46538279)

        "Fake" is definitely the wrong way to describe it ( if it actually does use TOR ), but it definitely makes a bigger impression than "unofficial".

        From further reading on the app, it seems that even though "unofficial" does not sound as impressive, it's the better path to taking down this app. The app seems to be using a copyrighted TOR logo without permission, and also linking to the TOR site for support even though that is not owned by the developer.

        If they want to pull the app they should note the copyright violations to Apple rather than the vague claims of "spyware" without proof. Apple treats copyright claims very seriously. The developer could put the app back up using a different logo and support link, but that's OK until someone can prove real harm from using the app.

        • by AmiMoJo (196126) * <mojo@@@world3...net> on Thursday March 20, 2014 @05:28PM (#46538399) Homepage

          "Tor Browser Bundle" is the name of the official secure browser/Tor app distribution. This app was using the name but was not associated with the creators of the real Tor Browser Bundle at all, and apparently contained advertising and spyware which as well as putting users at risk was damaging the reputation of the official bundle. Since it wasn't open source or audited there is no way to really know how well it worked, but the fact that it had advertising suggests that it was not particularly well designed since adverts themselves leak information about the user.

          Apple apparently doesn't treat copyright claims from non-commercial entities very seriously, as evidenced by the bug report. It took people using their personal contacts to get things moving in the end. If the people at Apple who review apps before releasing them to the app store were half way competent they would never have allowed it in the first place. They clearly didn't understand that the claims it was making could't really be true (due to the advertising at the very least) and a quick google would have revealed that the name was ripped off.

          • In other words, it's something of a trademark issue.

            Is there an actual legal entity called "The Tor Project"? If not, is there somebody who has standing to tell Apple "That's our trademark!"?

        • by DaveV1.0 (203135)
          So, what you are saying is that TOR shouldn't free and open ala FLOSS, yes?
  • by Anonymous Coward

    The app store has been having an increasing share of issues in the past year.

    I pulled my entire app catalog in protest over missing and misfiled reviews going on six months now.

    The usual Apple message:
    "We are aware of the issue but remain unable to give you a timeline on when the issue will be resolved."

    Something big will have to happen to focus efforts on cleaning up the app store; the cracks in the infrastructure are there and growing.

  • by Anonymous Coward

    Tor is a trademark of the Tor Project. If the app is advertising itself as the Tor Browser, it's a clear trademark violation.

    • by Goaway (82658)

      Wait, so we like trademark law in this thread? Because I just came from another thread where trademark law was literally Hitler, and I forgot to change.

      • by pipedwho (1174327) on Thursday March 20, 2014 @10:18PM (#46540235)

        Trademark/Copyright/Patent law aren't all inherently viewed as bad when implemented and executed properly. However, there are numerous examples (some of which appear on Slashdot) when the holder/government have overstepped the mark. This creates a feeling that the best solution to stop the abuses is to remove the system all-together. Here are some examples of the good/bad dichotomy:

        Trademarks protecting an obvious brand-name: OK
        Trademarks protecting a vague/generalised name/design: BAD

        Patents protecting a clearly novel, non-obvious and very specific invention: OK
        Patents on broad general topics and/or obvious incremental improvements: BAD

        Copyright protecting a creator from having their clearly original work from being re-distributed commercially for a short time (14 years): OK
        Copyright on a few bars of music that appear in the middle of a song from 75 years ago that could easily have been re-created without ever being exposed to the original: BAD

      • by Bogtha (906264)

        Trademark law, like copyright, is relatively sensible as it is designed to be used. Trademark law is designed to protect customers, not corporations. It's there so that when you buy a FooBar, you know you are getting a genuine FooBar and not a knock-off. However some people treat it like ownership of words and use it as a club to censor people. That's what people usually object to, not trademarks as they were intended to be used.

      • Trademarks are neither copyrights or patents. From my perspective:

        Under trademark law, I can't write software and try to fool people into thinking it came from you. Under copyright law, I can't borrow your software; I have to write my own. Under patent law, I can't write my own blasted software, and that ticks me off.

    • by DaveV1.0 (203135)
      Not exactly. They could say it is "A TOR(tm) browser" and be perfectly safe.
  • Apple (Score:2, Insightful)

    by koan (80826)

    So the timing for that SSL "flaw" was nice.
    http://daringfireball.net/2014... [daringfireball.net]

    Plus now that it's come out Apple was pretty much on board with the NSA and their recent encryption weakness is anyone surprised.
    http://www.theguardian.com/wor... [theguardian.com]

    http://www.theguardian.com/wor... [theguardian.com]

    http://www.theguardian.com/wor... [theguardian.com]

    Not to mention every iPhone is a WiFi scanner + Geographical locator.

"Show business is just like high school, except you get paid." - Martin Mull

Working...