Apple has been blamed for enabling a scam app to steal bitcoin worth $600,000 from a man, by listing the fake app that pretended to be by another company in the App Store.
Cryptocurrency owner Phillipe Christodoulou discovered an app he had installed on his iPhone was fake in February, when he went to check his savings. The app, which was supposedly a companion app for cryptocurrency storage device producer Treznor, turned out to not be associated with the firm at all.
The mistake cost the user dearly, with Christodoulou claiming he had lost 17.1 bitcoin, which was valued at $600,000 at the time, reports the Washington Post. The app was fake, and had effectively handed over the cryptocurrency to scammers.
The app was listed in the App Store under the Treznor brand, though the company doesn't produce apps for its hardware wallets. Instead, thieves created the app and hosted it on the App Store in January in a bid to steal funds.
Checking the Treznor wallet showed there were no funds stored on it at all.
According to Christodoulou, the app was listed as having close to five stars on its reviews, which helped him trust the app enough to download it. Since the event, he is no longer happy with the company, which he noted as reviewing apps before they appear in the App Store in the first place.
"They betrayed the trust that I had in them," said Christodoulou. "Apple doesn't deserve to get away with this."
According to Apple, the app made it into the App Store by changing its purpose after getting into the store. The app was presented as a "cryptography" app for review, and that it "is not involved in any cryptocurrency," allowing it to appear in the App Store from January 22.
At a later time, the app changed purpose into a cryptocurrency wallet, a move that Apple doesn't allow. After being informed by Treznor about the fake app, Apple pulled it and banned the developer, but it was swiftly followed up by another Treznor app hitting the App Store.
While Apple did initially ban cryptowallets from the App Store, it allowed them in 2014, while also placing many restrictions on how the apps functioned. There are now many ways to buy cryptocurrencies from an iPhone and other Apple hardware,
"User trust is at the foundation of why we created the App Store, and we have only deepened that commitment in the years since," said Apple spokesman Fred Sainz. "In the limited instances when criminals defraud our users, we take swift action against these actors as well as to prevent similar violations in the future."
Apple said it removed some 6,500 apps from the App Store in 2020 for having "hidden or undocumented features," many of which were scam apps.
Christodoulou isn't the only one to have been affected by the scam, with Coinfirm claiming five people have reported thefts via the iOS app totaling $1.6 million. Fake Treznor apps on Android are also thought to have stolen a total of $600,000.
Scam apps and other bad actors are continuing to be an issue for online storefronts like the App Store. So-called "fleeceware" on iOS and Android that rely on high subscription fees have cost consumers more than $400 million, research from Avast claimed in March, but while they are morally questionable, they're technically legal.
Developers have also complained about scam apps that attempt to copy established apps, including marketing videos, but charge users a subscription while not providing all of the promised features. The complaints include how the apps are manipulating App Store reviews to get high scores, with fake praise cancelling out negative complaints.