Apple is trying to maintain the image of its App Store as a safe and secure place for customers to download all the iOS apps they need. However, fake apps can still be found throughout the store, causing many to question the company’s strict restriction on app sideloading.
The fake apps
Apple users are still not allowed to download apps from anywhere other than the company’s App Store. For the Cupertino giant, this is one of the steps it can take to protect its users from scams and even malware. Yet fake apps are prevalent in the App Store itself. What is more, they are commonly among the top suggestions on the platform.
Fake Trezor Wallet Bitcoin app
A few weeks ago, another fake app managed to enter the App Store. However, instead of disguising itself as a legitimate app by using keywords, it directly named itself after the Trezor app. Called “Trezor Wallet Suite,” the app could reportedly steal the crypto details of users.
Rafael Yakobi, who works for an exclusively cryptocurrency-focused law firm in the US, reported the sighting of the app this week. “The first search result for ‘Trezor’ in the Apple @AppStore is a malicious application that will request your seed phrase, allowing its operators to steal all of your crypto. This app has been up for weeks, although the total number of victims is unknown, it could easily be in the hundreds or thousands.”
It is unknown how many users downloaded the app or whether there are active scam cases involving it. Thankfully, it has now been removed, weeks after being reported. That was not the case, however, for some authenticator apps in the App Store, which stayed up for months before Apple took them down.
Authenticator apps
In February, a duo of security researchers named Mysk reported the matter, showing a list of fake apps in the App Store. They also highlighted one specific authenticator app (Authenticator App, 2FA) that used a strategy ensuring it would always be on the top of suggestions when users searched for “Microsoft Authenticator,” “Google Authenticator,” or simply “authenticator app.”
“So this scam #2FA app is using custom product pages of Apple Search Ads to trick users,” Mysk explained. “It has different campaigns per search keywords. When searching for ‘Microsoft Authenticator,’ it shows screenshots highlighting ‘Microsoft.’ And when searching for ‘Google Authenticator,’ it highlights ‘Google.’”
The researchers underscored that Apple approves the custom product pages. Nonetheless, that did not stop the app from reaching the top of the App Store results; Mysk noted it even ranked 18th among productivity apps on the German App Store.
“The app disguises as a Microsoft app,” Mysk added. “It is the top hit when you search for ‘Microsoft Authenticator’ and the developer has updated the screenshots in the ad card to highlight the word ‘Microsoft.’ Surprisingly, the product page of the app shows different screenshots with the word ‘Microsoft’ removed. The app now has 1.2K reviews, as opposed to 18 when we first addressed the app.”
The duo said the app “steals secrets,” and it has now been removed from the Apple App Store. However, it is important to note that Apple took almost four months to act.
ChatGPT app
The rise of ChatGPT gave bad actors the idea to use the craze to lure users into malware pits. Surprisingly, the iOS App Store also became a platform for their distribution.
Prior to the release of the official OpenAI ChatGPT app, lots of fake AI apps could be found in the top suggestions of the App Store. Some intentionally included words like GPT, ChatGPT, GPT-3, and even GPT-4 to fool users. However, even when the official ChatGPT app was initially rolled out, many reported that the fake apps continued to dominate the top suggestions, making it difficult to locate the actual ChatGPT app at that time.
Fortunately, the ChatGPT app managed to collect a considerable number of downloads despite being buried under the pile of fake apps. It seems Apple has also finally resolved the issue of impostor AI apps being suggested when users search for the real ChatGPT app.
Earlier this month, Apple updated its App Store Review Guidelines. One of the biggest changes is a new reminder about submitting apps that intentionally copy popular ones to mislead customers.
“Come up with your own ideas,” Apple’s updated agreements and guidelines read. “We know you have them, so make yours come to life. Don’t simply copy the latest popular app on the App Store, or make some minor changes to another app’s name or UI and pass it off as your own. In addition to risking an intellectual property infringement claim, it makes the App Store harder to navigate and just isn’t fair to your fellow developers. Submitting apps which impersonate other apps or services is considered a violation of the Developer Code of Conduct and may result in removal from the Apple Developer Program.”
The move seems to be a response to the cases mentioned above. However, the issue still persists on the platform, as the fake authenticator apps using misleading keywords show.
The recent and frequent listings of fake apps on the App Store have pushed many to question Apple’s argument for its continued restriction on app sideloading. For the company, limiting app installation to its official online store could help ensure its users’ security. However, that no longer seems to hold, with many fake apps roaming the App Store recently.
Apple, of course, works non-stop to eradicate them, but sometimes the time it takes to do so is concerning. This translates to constant exposure of users to fake apps, the very risk that is the main reason behind the company’s app sideloading restrictions. With this, Apple’s sideloading policies continue to become irrelevant over time.
The company seems aware of this and is now gradually changing its views. Craig Federighi, Apple’s senior vice president of Software Engineering, said the company was already considering it after talks with the EU, which continues to question the policy. The Japanese government added to the pressure by recently drafting some regulations, which could soon push Apple (and Google) to allow their customers to download apps from third-party platforms.
Allowing app sideloading (given Apple will impose safety compliance among platforms) will benefit customers by giving them more app options. It should also favor app developers, who currently have no choice but to list their apps in the App Store and pay the company 30% as sales commission.
In the end, with all these regulations and recent events, it is no longer impossible that Apple will soon allow the installation of apps from third-party platforms. Of course, the company won’t let that happen easily, as some safety compliance should still be observed. Yet, it is nice to know that sometime in the future, Apple will allow its system to be more flexible.