The makers of the LastPass password manager have issued a warning that "LassPass" on the App Store is fraudulently impersonating the real app.
LastPass is one of many password managers available, although it has had its share of controversies. Now it has issued an alert concerning an alleged fraudulent copy of its app.
"LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store," says the warning in a blog post. "The app in question is called 'LassPass Password Manager' and lists Parvati Patel as the developer."
"The app attempts to copy our branding and user interface," continues the warning, "though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent."
This "LassPass" app does indeed resemble LastPass's branding and while its description doesn't follow the real app's wording, it is fundamentally the same. That said, it would be since the descriptions concern the same emphasis on the importance of password security, and on similar app features that any password manager would have.
That said, it is seemingly passing itself off as LastPass, which raises the question of whether it's not just a knockoff, but instead a tool for later phishing. In any case, it's bad that a knockoff of an extremely well known app get through the App Store's review team — especially when Apple is arguing that this process means it's more secure than third-party stores.
"Rest assured, LastPass is actively working to get this application taken down as soon as possible," continues the LastPass blog, "and will continue to monitor for fraudulent clones of our applications and/or infringements upon our intellectual property."
4 Comments
Assuming LastPass followed normal developer procedure and reported it to Apple first, I am pretty shocked and disappointed that Apple didn’t suspend the app immediately after hearing from the company, and that LastPass had time to issue a press release, and says it is “actively working” to get the fake app taken down.
Without knowing any further details other that what's reported here, this calls into serious question what Apple's review process involves. There is nothing tricky or slyly deceptive going on here that would make it hard to spot--this an egregious, couldn't-be-more-blatant attempt to steal passwords via the almost primitive method of faking a well-known app by changing a letter in its name. And if Apple can't catch THIS in review, what else is getting by them?
Looks like it was taken down. Lasspass might have been a good name for a British dating app.
Also: Totally agree with Charlesn.
Not to mention, the alleged author “Pavarti Patel” is one letter away from a Harry Potter character.