How’s that walled garden working out?
A fake app masquerading as password manager LastPass just got pulled from the App Store | TechCrunch
Submitted 9 months ago by fne8w2ah@lemmy.world to technology@lemmy.world
Comments
cyberic@discuss.tchncs.de 9 months ago
Ghostalmedia@lemmy.world 9 months ago
To be fair, things like this are pretty rare.
The more common experience is that those reviewers are anal as hell and reject people for petty stuff. This malware guy lucked out and got the burned out app reviewer who didn’t look twice.
intensely_human@lemm.ee 9 months ago
They’re rare but they’re very effective, because people have their guard down there.
WhatAmLemmy@lemmy.world 9 months ago
Apple can’t hear you over the billions of dollars they’re extorting.
Vub@lemmy.world 9 months ago
I am surprised this happened, it’s the first case of anything like this that I have heard of. Do you know of any other cases?
stoy@lemmy.zip 9 months ago
Pretty well, it was bound to happen sooner or later and this is the first time I have heard about it
VelociCatTurd@lemmy.world 9 months ago
There’s been plenty of malicious apps found in the past. Though, I’m sure the Play Store isn’t much better. Disappointing that Apple will bend devs over a barrel sometimes but they don’t find shit like this.
TheGrandNagus@lemmy.world 9 months ago
There have been loads of dodgy apps on the app store.
JustARegularNerd@aussie.zone 9 months ago
I work at an MSP and while it wasn’t LastPass, when you search “Microsoft Authenticator” in the app store there’s a similar looking Authenticator app that’s also blue. Had a user install that and was confused why they weren’t able to get MFA working.
brbposting@sh.itjust.works 9 months ago
eager_eagle@lemmy.world 9 months ago
Ads in these app stores are a fucking cancer. If the search query is an exact match with the app name, the sensible thing to do is make that app always come first. I guess that won’t pay the bills though.
surewhynotlem@lemmy.world 9 months ago
That said, if you’re searching for LastPass, getting 1password as a result is better.
BlueLou@lemmy.world 9 months ago
I recently ran through an MFA enforcement campaign and had to build that app into my instructions. “Make sure it’s the Microsoft authenticator, not the first result in the paid ad slot” because so many people were installing that app. I do deal with pretty low levels of tech savvyness, but still.
intensely_human@lemm.ee 9 months ago
The word for “savvyness” is “savvy”. It is both an adjective and a noun.
Merlin404@lemmy.world 9 months ago
Had a user doing the same thing, or a couple of users… Apple just works, yeah sure
cheese_greater@lemmy.world 9 months ago
It’s beyond irresponsible it wasn’t pulled the moment the most recent revelations came about. It also made me wonder if Apple “sees” certain fields of your keychain items, in line with their conflation of convergent encryption as e2ee and other assorted privacy antics
WhatAmLemmy@lemmy.world 9 months ago
Why would you assume they “see” certain keychain fields based on the article?
Dran_Arcana@lemmy.world 9 months ago
I’m glad I wasn’t the only one asking myself that.
Rai@lemmy.dbzer0.com 9 months ago
“Because APPLE BAAAD”
autotldr@lemmings.world [bot] 9 months ago
This is the best summary I could come up with:
Bad actors could potentially utilize the new regulation to trick consumers into buying subscriptions that are difficult to cancel.
When introducing its plan for DMA compliance, Apple wrote, “The new options for processing payments and downloading apps on iOS open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats.”
What’s more, it’s upsetting to learn that LastPass had to warn customers publicly about a fake app that never should have been published in the first place.
“Our threat intelligence team posted a blog yesterday to raise awareness and help inform the public and our customers of the situation.
We are in direct contact with representatives from Apple, and they have confirmed receipt of our complaints, and we are working through the process to have the fraudulent app removed.”
Hoff added that the company is working with Apple to “understand more broadly how an application like this passed their normally rigorous security and brand protection mechanisms.”
The original article contains 684 words, the summary contains 162 words. Saved 76%. I’m a bot and I’m open source!
Heresy_generator@kbin.social 9 months ago
Yikes; that can't happen. Android users should understand that the Play Store is like the Wild West and they need to watch their asses, but Apple is constantly seducing their users into complacency when it comes to security and privacy within their ecosystem.
RanchOnPancakes@lemmy.world 9 months ago
YOU ARE PROTECTED IN OUR WALL GARDEN! APPLE USERS HAVE NO NEED T- oops, anyway YOU ARE PROTECTED.
Lucidlethargy@sh.itjust.works 9 months ago
They’ve actually been responsible for tons of malware over the years. I recall seeing a massive leak back around 2015, and the story was buried by PR so quickly it left me very impressed.
The idea that iOS is in any way, shape, or form more safe than Android is 100% PR. The fact Google allows users to override safety measures and install third party apps at their own risk is entirely why they’ve done this.
If Apple fans realize this is as safe as installing anything else on any computer (including Macs), then Apple will have to answer to them. As long as they think they are more protected than Android users, however, Apple’s MO to take in money remains safe.
praise_idleness@sh.itjust.works 9 months ago
This is exactly why I hate this stupid excuse so freaking much.