Fake apps on Apple App Stores seeing a pre-holiday surge, purges ongoing

By Mike Wuerthele

Fake apps have always been a problem to some extent on Apple's App Stores, with the latest round from China focusing on brands without dedicated apps, as well as online shopping from existing ones in an attempt to steal customer data and financial information.

A report by the New York Times points out that a rogue app producer going by the name of "Footlocke Sports" populated the app store with fake apps for Puma, Nike, Canada Goose, Celine, and others. The apps, when functional, were attempting to induce shoppers to buy products that would never arrive, with the scammers collecting user information and credit card data.

Apple has since removed the latest batch from "Footlocke Sports."

"We strive to offer customers the best experience possible, and we take their security very seriously," said Apple spokesman Tom Neumayr. "We've set up ways for customers and developers to flag fraudulent or suspicious apps, which we promptly investigate to ensure the App Store is safe and secure. We've removed these offending apps and will continue to be vigilant about looking for apps that might put our users at risk."

The Apple review process focuses more on the security of the iOS device itself, rather than potential sources of data theft. Additionally, intellectual property matters are a complex matter of law, and Apple will respond to copyright or trademark claims, but generally after an app is already published and a genuine copyright holder has complained.

"Users can help us and focus our manual review efforts by reporting fraudulent or problematic apps through the normal means in the App Store." -- Apple, on how users can help clean up the App Stores.

"We get thousands of apps submitted for review daily," AppleInsider was told by a source familiar with the review process inside Apple. "Automated services review apps, and while we have had some very brief, very local problems, notably with a modified Xcode in China a while ago, apps on the store are safe for compatible devices."

"That said, the developers want fast review, right? If they want us to evaluate apps in detail based on where they're sending data, that would take months of review and analysis before an app goes live," we were told. "We catch the really, really blatant ones, though."

The problem is further aggravated by developers making changes to apps after the initial, most strict, review of the package.

China app factories

The New York Times spoke with a company, Cloaker Apps, that develops apps-for-hire, and doesn't check the credentials of a company before doing so. The company charges about $3,000 for an English-language app, generally poorly translated.

"We hope that our clients are all official sellers," head of Cloaker Jack Lin said. "If they are using these brands, we need some kind of authorization, then we will provide services."

The Cloaker website lists its headquarters location on the Menlo Park Facebook campus. After initially denying the location, Lin claimed to have "tens of employees" at the address for the California company location after it was pointed out to him.

Cloaker most recently developed a fake Dollar Tree app, which one reviewer said was non-functional. Dollar Tree has no official app, and no intentions on developing one at this time.

Apple's cleanup is ongoing

Besides just the recent purge of fake shopping apps, Apple is in the middle of a top-down review of the App Store, to purge apps that haven't been updated in a long period of time, or have been abandoned.

At the beginning of September, Apple started the process of evaluating legacy apps for problems, and focusing on "quality" apps.

"We know that many of you work hard to build innovative apps and update your apps on the App Store with new content and features," Apple said. "However, there are also apps on the App Store that no longer function as intended or follow current review guidelines, and others which have not been supported with compatibility updates for a long time."

Speaking with Apple, we have learned that this effort is on-going, and applies to bogus apps as well, such as those highlighted by the report in the New York Times.

"The quality review team doing the App Store cleanup is separate from the ones overseeing the initial review," AppleInsider was told by our source. "Apps that crash on launch for a majority of users are immediately killed. But, users can help us and focus our manual review efforts by reporting fraudulent or problematic apps through the normal means in the App Store."

The "Footlocke" apps that Apple killed as a response to the New York Times investigation on the Google Play store existed when this story was published, but have since been stricken. The apps lived on Google Play five days longer than they did on the iOS App Store.