IPhone users get­ting lured in by fake apps

Coun­ter­feit pro­grams ap­pear to be op­er­ated by well-known brands

Toronto Star - - BUSINESS - VINDU GOEL

SAN FRAN­CISCO— Hun­dreds of fake re­tail and prod­uct apps have popped up in Ap­ple’s App Store in re­cent weeks — just in time to de­ceive hol­i­day shop­pers.

The coun­ter­feit­ers have mas­quer­aded as re­tail chains like Foot Locker, big depart­ment stores like Nord­strom, on­line prod­uct bazaars like Zap­pos.com and Polyvore and lux­ury-goods mak­ers like Jimmy Choo, Chris­tian Dior and Sal­va­tore Fer­rag­amo.

“We’re see­ing a bar­rage of fake apps,” said Chris Ma­son, chief ex­ec­u­tive of Brand­ing Brand, a Pitts­burgh com­pany that helps re­tail­ers build and main­tain apps. He said his com­pany con­stantly tracks new shop­ping apps, and this was the first time it had seen so many coun­ter­feit iPhone apps emerge in a short pe­riod of time.

Some of them ap­peared to be rel­a­tively harm­less — es­sen­tially junk apps that served up an­noy­ing pop-up ads, he said.

But there are se­ri­ous risks to us­ing a fake app. En­ter­ing credit card in­for­ma­tion opens a cus­tomer to po­ten­tial fi­nan­cial fraud. Some fake apps con­tain mal­ware that can steal per­sonal in­for­ma­tion or even lock the phone un­til the user pays a ran­som. And some fakes en­cour­age users to log in us­ing their Face­book cre­den­tials, po­ten­tially ex­pos­ing sen­si­tive per­sonal in­for­ma­tion.

The rogue apps, most of which come from de­vel­op­ers in China, slipped through Ap­ple’s process for re­view­ing ev­ery app be­fore it is pub­lished.

That scru­tiny, which Ap­ple mar­kets as an ad­van­tage over Google’s less re­stric­tive An­droid smart­phone plat­form, is sup­posed to stop any soft­ware that is de­ceit­ful, that im­prop­erly uses an­other com­pany’s in­tel­lec­tual prop­erty or that poses harm to con­sumers.

In prac­tice, how­ever, Ap­ple fo­cuses more on block­ing ma­li­cious soft­ware and does not rou­tinely ex­am­ine the thou­sands of apps sub­mit­ted to the iTunes store ev­ery day to see if they are le­git­i­mately as­so­ci­ated with the brand names listed on them.

With apps be­com­ing more pop­u­lar as a way to shop, it’s up to brands and de­vel­op­ers to watch for fakes and re­port them, much as they scan for fake web­sites, said Ben Reuben­stein, chief ex­ec­u­tive of Pos­si­ble Mo­bile, a Den­ver com­pany that makes apps for JetBlue Air­ways, the PGA Tour and Poke­mon Co., among oth­ers.

“It’s im­por­tant that brands mon­i­tor how their name is be­ing used,” he said.

Ap­ple re­moved hun­dreds of fake apps Thurs­day night af­ter the New York Times in­quired about the spe­cific app ven­dors that cre­ated many of them.

Other apps were re­moved af­ter a New York Post ar­ti­cle last week drew at­ten­tion to some of the coun­ter­feits.

“We strive to of­fer cus­tomers the best ex­pe­ri­ence pos­si­ble, and we take their se­cu­rity very se­ri­ously,” Ap­ple spokesper­son Tom Neu­mayr said. “We’ve set up ways for cus­tomers and de­vel­op­ers to flag fraud­u­lent or sus­pi­cious apps, which we promptly in­ves­ti­gate to en­sure the App Store is safe and se­cure. We’ve re­moved these of­fend­ing apps and will con­tinue to be vig­i­lant about look­ing for apps that might put our users at risk.”

De­spite Ap­ple’s ef­forts, new fake apps ap­pear ev­ery day. In some cases, de­vel­op­ers change the con­tent of an app af­ter it has been ap­proved by Ap­ple’s mon­i­tors. In other in­stances, the coun­ter­feit­ers change their names and cre­den­tials, and re­sub­mit sim­i­lar apps af­ter one round of fakes is dis­cov­ered.

“It’s a game of whack-a-mole,” Ma­son of Brand­ing Brand said.

On Fri­day, for ex­am­ple, an en­tity call­ing it­self Over­stock Inc. — an ap­par­ent at­tempt to con­fuse shop­pers look­ing for the on­line re­tailer Over­stock.com — was ped­dling Ugg boots and ap­parel through a fake app that was nearly iden­ti­cal to one ban­ished by Ap­ple on Thurs­day.

The same Chi­nese app de­vel­oper, Cloaker Apps, cre­ated both fake Ugg apps on be­half of Chi­nese clients.

Jack Lin, who iden­ti­fied him­self as the head of Cloaker, said in a phone in­ter­view in China that his com­pany pro­vides the back-end tech­nol­ogy for thou­sands of apps but does not in­ves­ti­gate its clients.

Lin said Cloaker charged about $3,000 for an app writ­ten in English.

But like so many of the apps his com­pany pro­duces, Cloaker is not what it pur­ports to be. Its web­site is filled with du­bi­ous claims, such as the lo­ca­tion of its head­quar­ters, which it says is at an ad­dress smack in the mid­dle of Face­book’s cam­pus in Menlo Park, Calif..

In the in­ter­view, Lin at first said he had of­fices only in China and Ja­pan. When asked about the Cal­i­for­nia of­fice, he then claimed to have “tens of em­ploy­ees” at the Face­book ad­dress.

China is the big­gest source of fake apps, ac­cord­ing to se­cu­rity ex­perts.

Many of the fake re­tail apps have red flags sig­nalling that they are not real, such as menus writ­ten in butchered English, no re­views and no his­tory of pre­vi­ous ver­sions.

Data from App­topia show that some of the fake apps have been down­loaded thou­sands of times, although it is un­clear how many peo­ple have ac­tu­ally used them. Re­views posted on some of the apps in­di­cated that at least some peo­ple tried them and be­came frus­trated. Ma­son says con­sumers want to shop on­line and they search for apps from their favourite brands.

“The re­tail­ers who are most ex­posed are the ones with no app at all,” he said. Dol­lar Tree and Dil­lard’s, for ex­am­ple, have no of­fi­cial iPhone apps, which made it eas­ier to lure their cus­tomers to the fake apps.

But the coun­ter­feit­ers have also mim­icked com­pa­nies that do have an of­fi­cial pres­ence in the App Store, hop­ing to cap­i­tal­ize on con­sumer con­fu­sion about which ones are real.

Some of the fake apps have even used Ap­ple’s new paid search ads to pro­pel them to the top of the re­sults screen when cus­tomers search for spe­cific brands in the App Store.

Jon Clay, di­rec­tor of global threat com­mu­ni­ca­tions for Trend Mi­cro, an in­ter­net se­cu­rity firm, said Ap­ple’s tight con­trol over the iPhone had his­tor­i­cally kept ma­li­cious apps out of its App Store. Fake apps ap­peared more of­ten on Google’s An­droid plat­form or on third-party app stores, he said.

But that is be­gin­ning to change. Shortly af­ter the Poke­mon Go game was re­leased in the United States in July, for ex­am­ple, a spate of fake iPhone apps re­lated to the game ap­peared, es­pe­cially in coun­tries where the game was not yet avail­able.

“The crim­i­nals are go­ing to take ad­van­tage of what­ever is hot,” Clay said.

PHOTO ILLUSTRATION BY TAMMY HOY

The fake apps, most of which are made in China, slip through Ap­ple’s ap­proval process.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.