A fake app masquerading as the password manager LastPass on the App Store has been removed. Whether it was pulled by Apple or by the fake app’s developer is not yet clear; Apple has not commented. The illegitimate app was listed under an individual developer’s name (Parvati Patel) and copied LastPass’s branding and user interface in an attempt to confuse users. Besides being published by a developer other than LastPass owner LogMeIn, the fake app also contained various misspellings and other clues that indicated its fraudulent nature, LastPass said. That such an obviously fake app got through Apple’s App Review process is a bad look for the tech giant, which has been arguing against new regulations, like the EU’s Digital Markets Act (DMA), by claiming these laws would compromise customer safety and privacy.
Key Takeaway
A fake app posing as LastPass was removed from the App Store after being listed under a different developer’s name and copying LastPass’s branding and user interface. The incident raises concerns about the effectiveness of Apple’s App Review process and highlights the need for continued vigilance against fraudulent apps.
Apple’s Concerns Over New Regulations
Apple has expressed concerns over new regulations, such as the EU’s Digital Markets Act (DMA), which allows for third-party app stores and payments. The tech giant has argued that these laws could put consumers at risk because consumers will be able to conduct business outside its App Store with unknown parties. Apple warned that bad actors could use the new regulation to trick consumers into buying subscriptions that are difficult to cancel and even target consumers with malware.
Threat from Within the App Store
Despite Apple’s warnings about potential threats from third-party sources, the threat to consumers in this case came from within the App Store itself. Although the fake app leveraged the keyword “LastPass” to rank in search, it did not gain much traction and only ranked No. 7 in the search results. It also never ranked on any of Apple’s Top Charts, indicating that the app likely saw only a handful of downloads before being pulled.
LastPass’s Response
Upon discovering the fraudulent app in the Apple App Store, LastPass immediately began a coordinated, multi-faceted effort across its threat intelligence, legal, and engineering teams to get it removed. The company is also working with Apple to understand how an application like this passed their normally rigorous security and brand protection mechanisms.