A scam bitcoin app designed to look like a real app was accepted by Apple’s App Store review team and ended up costing iPhone user Phillipe Christodoulou 17.1 bitcoin, or upwards of $ 600,000 at the time of the theft . The Washington Post.
Christodoulou wanted to check his bitcoin balance in February, and searched Apple’s App Store for “Trezor”, the company that makes the hardware device where he stored his cryptocurrency. He saw an app with the Trezor padlock logo and a green background, so he downloaded it and entered the credentials.
Unfortunately, the app was fake and designed to look like a legitimate app to deceive bitcoin owners. Christodoulou had his total bitcoin balance stolen from him, and he is angry at Apple. “Apple does not deserve to get away with this,” he said The Washington Post.
Apple considers all submissions of App Store apps to prevent scams from being downloaded by iPhone users, but there are many scams and copying apps like the fake Trezor app that slip past and have major consequences for iPhone users.
Apple says the fake Trezor app came through the “App Store” through “a bait-and-switch.” It was called Trezor and used the Trezor logo and colors, but said it was a “cryptography” app that would encrypt iPhone files and store passwords. The developer of the fake app told Apple that it was not involved in any cryptocurrency. After the fake Trezor app was submitted, it turned into a cryptocurrency wallet, which Apple failed to detect.
Meghan DiMuzio, CEO of the Coalition of App Fairness, which counts anti-Apple companies such as Epic Games as a member, said that Apple “shifts myths about users’ privacy and security as a shield against its competitive ‘App Store’ practices.” She said Apple’s security standards are “inconsistently used across apps” and “only enforced when it benefits Apple.”
Apple spokesman Fred Sainz said The Washington Post that Apple is taking swift action when criminals scam iPhone users.
User trust is the basis for why we created the App Store, and we have only expanded that commitment in the years since. Study after investigation has shown that App Store is the most secure app market in the world, and we are constantly working to maintain that standard and to further strengthen App Store’s protection. In limited cases when criminals defraud our users, we take swift action against these actors, as well as to prevent similar violations in the future.
Apple declined to comment on how often scams are found, nor how often they are removed from the App Store. However, the company said 6,500 apps were removed last year for “hidden or paperless features.”
Apple acknowledged that they have discovered other cryptocurrency scams on the App Store, but did not provide specific details about numbers or whether there had been fake Trezor apps before. Trezor does not offer an iOS app at all, and a Trezor spokesman said it had warned Apple and Google about fake Trezor apps “for years.”
Apple would not deliver The Washington Post with the name of the developer of the fake Trezor app, if the developer had other apps in the App Store under other names, and Apple would not say whether the name was handed over to police authorities. Apple says it removed the fake Trezor app and banned the developer after the actual Trezor company reported it. Another fake app appeared two days later, and Apple removed it as well.
The UK-based cryptocurrency regulator Coinbase said it has received over 7,000 inquiries about stolen cryptocurrencies since 2019, and fake apps found in Google Play and the App Store are common complaints. In fact, five people have had their cryptocurrency stolen by the fake Trezor app on iOS, with a total loss of $ 1.6 million.
Data from Sensor Tower suggests that the fake Trezor app was on the App Store from January 22 to February 3, and was downloaded approximately 1,000 times. The 17.1 bitcoin that Christodoulou lost is worth close to $ 1 million today, and Christodoulou says he has not heard anything from Apple on the subject.
Another iPhone user who lost $ 14,000 in Ethereum and bitcoin said that an Apple representative told him that Apple was not responsible for the loss of the fake Trezor app.