Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Apple

Fraudulent Apps Found In Apple's Store 89

snydeq writes Angry support queries citing problems with mystery iOS apps has led InfoWorld's Simon Phipps to discover the existence of several scamware apps in Apple's App Store. "If you're a scammer looking to make a fast buck, it appears that [Apple's App Store] process can be defeated," Phipps reports. "The questions originated from a support link for a $2.99 app in Apple's iTunes Store," which pointed angry customers to the Apache OpenOffice community, which doesn't even have an iOS app. The app in question, Quickoffice Pro, "simply displays a gray screen with the word Tap. When you tap the screen, the app exits." Further investigation has uncovered two other scam apps thus far.
This discussion has been archived. No new comments can be posted.

Fraudulent Apps Found In Apple's Store

Comments Filter:
  • Clearly (Score:5, Funny)

    by Anonymous Coward on Wednesday December 03, 2014 @05:37PM (#48518355)
    You're tapping it wrong.
  • by Anonymous Coward

    Leave Apple alone!

  • Wasn't stuff like this supposed to be prevented by having a walled garden?

    • by kesuki ( 321456 )

      on the road to being a 700 billion dollar company a few walls had to be torn down....

    • by Anonymous Coward

      Wasn't stuff like this supposed to be prevented by having a walled garden?

      Dude, people have also breached the walls, so to speak, at 1600 Pennsylvania Avenue, A.K.A. the WHITE HOUSE.

      Calm down, they'll take care of it. If security in the iOS App Store were perfect, that would be quite a feat. Being tighter than the security at the WHITE HOUSE ought to make most people happy.

      It's like you wouldn't be impressed with what Bishop did with that knife in Aliens because he managed to knick his finger doing something he apparently does quite a bit and normally DOESN'T MISS. Misses so i

    • Re:Security? (Score:5, Interesting)

      by v1 ( 525388 ) on Wednesday December 03, 2014 @06:57PM (#48518877) Homepage Journal

      not prevented, just greatly reduced.

      Though even just looking at raw numbers isn't even fair. Apppl's store inventory dwarfs all of the others, and still numerically has fewer scams. It ought to work the other way around unless the wall is performing very effectively.

      But bottom line here is some reviewers just got fired, and those that remain were harshly threatened. Reminds me of the recent peer reviewed journals that got caught with some lazy reviewers rubber stamping to boost their productivity numbers.

    • Wasn't stuff like this supposed to be prevented by having a walled garden?

      A handful out of several million ain't half bad, considering.

      I think the only other app store that could do better would be Blackberry, but only due to the fact that nobody uses it anymore (or at least not enough to have found and purchased a scam app).

      • by tepples ( 727027 )

        I think the only other app store that could do better would be Blackberry

        I haven't read stories about malware on Xbox Live Marketplace, PlayStation Store, and Nintendo eShop.

        • The volume of games to review and look over is much less, and probably easier to track what info it's gathering when the game is being played.
        • I haven't read stories about malware on Xbox Live Marketplace, PlayStation Store, and Nintendo eShop.

          Fair call, but consider that it costs a pretty penny to get an app into any of those marketplaces, and they're almost orders of magnitude smaller than even Blackberry's App store...

  • by bhlowe ( 1803290 ) on Wednesday December 03, 2014 @05:50PM (#48518443)
    2 lameware apps out of 1.2 million apps? I'm guessing people will get over it.
    • by amber_of_luxor ( 770360 ) on Wednesday December 03, 2014 @06:05PM (#48518563)

      The issue is that Apple claims that each app is vetted for potential security issues. By most definitions of the term, "fraud" falls under the category "security issue". Consequently, the discovery of even one fraud app means that Apple is not vetting apps in a manner consistent with what they claim.

      • Re: (Score:2, Insightful)

        by Cabriel ( 803429 )

        What? So an accuracy rate of 99.99992% isn't good enough? I suppose we can trust Google to top that.

        • by Anonymous Coward

          What? So an accuracy rate of 99.99992% isn't good enough? I suppose we can trust Google to top that.

          The article said that they found a bunch of apps using the name and the icon. They didn't say they'd checked them all and they didn't say there were no other scam apps. It seems pretty likely, in fact, that there are a lot of others or they wouldn't have stumbled over this one.

          I'd say it's news because . . . it's interesting and suggests that there's more to be found.

          So, I'll see your number and make up one

      • The issue is that Apple claims that each app is vetted for potential security issues. By most definitions of the term, "fraud" falls under the category "security issue". Consequently, the discovery of even one fraud app means that Apple is not vetting apps in a manner consistent with what they claim.

        That's what I've been saying, Apple just isn't popular enough to attract the number of hackers for real security issues. One day some hackers might take notice of them, but they are lucky it's only one or two for now!

    • It's news because it is supposed to be an extensively vetted process to get in the store, if such a blatantly obvious scamware app is making it in then obviously the vetting is far less than previously though.

    • by narcc ( 412956 )

      How do we know that there are only 2 lameware apps? (Ignoring the fact that the article mentions 3 apps.)

      That's "2" that a part-time columnist on a deadline found without much effort. I suspect that the actual number is significantly higher...

  • by EndlessNameless ( 673105 ) on Wednesday December 03, 2014 @05:52PM (#48518455)

    This is where Apple can provide value to their customers by managing the ecosystem.

    They should be more than capable of issuing refunds to anyone who was scammed, remotely nuking the app, and punishing the publisher in an appropriate manner.

    If they do all of those things, it justifies some of their policies, at least for mainstream users.

    • The thing is, Android is a capable of doing all those things (issuing refunds, punishing the vendor, etc) in it's store too, without a "walled garden" approach.

      The walled garden [wikipedia.org] metaphor refers to the iOS platform, where users can't install applications except through Apple's blessed appstore, not to the store itself.

      • Android also currently has issues with malware that haven't cropped up inside the walled garden.

        Walled gardens are appropriate for appliance-based computing. If you want a more open platform, you need to do a lot more footwork yourself. Android is a great platform for such users.

        • This article is about such issues, though. If you have a walled garden, you're basically trading your freedom, for the ability to have someone else police the software, to presumably eliminate such threats.

          That trade-off's value is entirely dependant on the quality of the policing done on the software inside the walled garden. Historically, Apple's been pretty good about it, too. But with people locked into the ecosystem by their prior app purchases, there's less and less incentive for apple to spend resour

          • 2/1.2Mil seems like a pretty good ratio to me; if I had that sort of a blip on the surface of a road I was driving on, it would be completely unnoticeable. The important thing is how they deal with the blip -- if they respond quickly and add new logic to protect against this kind of system gaming, it's all good. If they go on a media blitz showering us with unicorns, it's time to quickly scale the garden wall.

    • by AmiMoJo ( 196126 ) *

      It would be nice if they did actually manage it though, rather than just being glorified malware scanners. 1.2M apps sounds impressive, but how many of them are pointless cracked screen apps that for some reason need to read your contact list, or "worlds brightest flashlight" apps that absolutely must have internet access to work. Then there is the plague of clones, making it harder for legitimate developers to prosper because asshats like Zynga just rip off their work and throw $$$ at marketing.

      It would be

  • Hmmm.. (Score:2, Interesting)

    by Anonymous Coward

    "A developer that we hired as a freelance third party vendor published this app under my personal Apple developer account without permission or my knowledge. I take app fraud very seriously and will have the app removed as soon as possible."

    Surely he would have noticed sales from this app appearing in his account. So where does the money go ?
    I smell something bovine.

    • by jeremyp ( 130771 )

      Money going into my account? No, never noticed any... ... what's that you say? Yes, it is a nice new car. We're off to the Seychelles next week too. It's paid for by a bequest from Aunt Mildred's goldfish.

  • It does what? (Score:5, Interesting)

    by SeaFox ( 739806 ) on Wednesday December 03, 2014 @06:10PM (#48518595)

    How does an app with no functionality get through the approval process to start with? This isn't a case of the app having a secret feature of calling home or installing malware. I mean, if it doesn't do anything how could anyone have reviewed the app to begin with?

    • by Tom ( 822 )

      How does an app with no functionality get through the approval process to start with?

      Because no process is flawless. 3 out of 1.2 mio. Heck, in a lot of touristic areas, the percentage of brick-and-mortar stores that are scams is higher.

    • I can think of some theories.

      1) The reviewer did a mistake. Maybe he was reviewing multiple applications and from the bunch one slipped to the store even if it was not yet reviewed properly.
      2) The reviewer was sloppy and did not do his job carefully and ethically.
      3) There was some technical problem.
      4) Some attacker got into the system and messed with things.

      • by AmiMoJo ( 196126 ) *

        From what we know of the approval process it is automated in many cases. The exact criteria for them doing an automated test is not known, but there is a lot of research going on into how to exploit it.

  • ...and if so, it's cheap at just $2.99. Heck, how many times have you paid more than that to go through an art gallery, only to find the inevitable "Painting with Single Dot in the Middle"? Better yet, this art is both multimedia and interactive.

  • Didn't Google remove Quickoffice in favor of Google Docs already?
    At least do some research first before paying the 99$ developer fee to be able to upload apps in the first place.

    Then again, it was released around the time Google was deciding to shut down the app.
    App Details [appannie.com]

  • by Saysys ( 976276 ) on Wednesday December 03, 2014 @06:29PM (#48518721)
    Quickoffice Pro is a useful program i've been using since I purchased an iPhone 3G. It recently had a bad update that broke it, a mistake on the publisher's part no doubt, but not a scam. Honestly this article reads way to joyously consists of way too little research on the subject.

    It's like some people want IOS to suck in the same ways Android does; sorry folks! It sucks in it's own ways.
    • by Anonymous Coward on Wednesday December 03, 2014 @06:46PM (#48518819)

      If you had even went as far as reading the summary, you would have seen that these apps are not the actual quickoffice owned by google (and since discontinued), but scam apps designed to get people to pay for them but do not deliver the advertised functionality. They are blatant ripoffs, down to stealing google's logo and including bogus support links to avoid attention.

  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Wednesday December 03, 2014 @08:25PM (#48519283)
    Comment removed based on user account deletion
  • I have and have used QuickOffice Pro which *was* a valid app. Reading the article I didn't even know QuickOffice Pro had been bought out by Google and retired.

    So, useful information from my perspective.

    I had not used it recently since I do not usually use typical "office" type apps on an iPad - mostly use it for professional music production instead, and the only reason I had it on there was to make edits to a spreadsheet that contained DAW track lists and assignments, but I can also access those another wa

    • OK. So, seems like *Google* removed the functionality. From their support page:

      "As of April 1, 2014, you will not be able to access files from any cloud storage services including Google Drive from within Quickoffice Pro and Pro HD applications. For existing Quickoffice Pro and Quickoffice Pro HD users, you can continue to use your existing app to create, view and edit documents, although moving to the Quickoffice app will allow you to take advantage of new features and updates to the product. For these rea

  • by ruir ( 2709173 ) on Thursday December 04, 2014 @04:44AM (#48521053)
    Let me reiterate...this article is a troll. You can go the iTunes app, and ask for your money back in the first 14 days, if memory does not fail me, and Apple will give it back, no questions asked. I lost count of the Apps I returned. As far as I remember your payments to the author of the app are only transferred after 30 days, or something like that.
    • Well, hmm, I've had the app in question - QuickOffice Pro HD - for a couple of years, so I can't do that. I just hadn't used it recently and hadn't noticed it had been messed with. So, I *can't* get a refund.

      • by ruir ( 2709173 )
        So a app has never been discontinued after a few years on another platform for you, that is it? You can hardly fault the platform or the store for it.
    • by AmiMoJo ( 196126 ) *

      Yet people are still bothering with these scams. There must be a reason, and the reason is certainly money... So how do they make a profit if everyone gets a refund?

      Either everyone isn't getting a refund... Maybe they forget or something, but surely 14 days is long enough for Apple to notice and bulk refund everyone. So the other option is to include some exploits in the code that generates cash somehow.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...