Beware, iPhone users: Fake apps are surging before holidays
SAN FRANCISCO — Hundreds of fake retail and product apps have popped up in Apple’s App Store in recent weeks — just in time to deceive holiday shoppers.
The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior, and Salvatore Ferragamo.
“We’re seeing a barrage of fake apps,” said Chris Mason, chief executive of Branding Brand, a Pittsburgh company that helps retailers build and maintain apps. He said his company constantly tracks new shopping apps, and this was the first time it had seen so many counterfeit iPhone apps emerge in a short period of time.
Some appeared to be relatively harmless — essentially junk apps that served up annoying pop-up ads, he said.
But there are serious risks to using a fake app. Entering credit card information opens a customer to potential fraud. Some fake apps contain malware that can steal personal information or lock the phone until the user pays a ransom. And some fakes encourage users to log in using Facebook credentials, potentially exposing sensitive personal information.
The rogue apps, most of which came from China, slipped through Apple’s review process. That scrutiny, which Apple markets as an advantage over Google’s less restrictive Android smartphone platform, is supposed to stop any software that is deceitful, that improperly uses another company’s intellectual property, or that poses harm to consumers.
In practice, however, Apple focuses more on blocking malicious software and does not routinely examine the thousands of apps submitted every day to see if they are legitimately associated with brand names.
It is up to brands and developers themselves to watch for fakes and report them, much as they scan for fake websites, said Ben Reubenstein, chief executive of Possible Mobile, a Denver company that makes apps for JetBlue Airways and Pokemon Co., among others. “It’s important that brands monitor how their name is being used,” he said.
Apple removed hundreds of fake apps Thursday after The New York Times inquired about vendors that created many of them. Other apps were removed after a New York Post article last week drew attention to some of the counterfeits.
“We strive to offer customers the best experience possible, and we take their security very seriously,” said an Apple spokesman, Tom Neumayr. “We’ve set up ways for customers and developers to flag fraudulent or suspicious apps, which we promptly investigate to ensure the App Store is safe and secure.”
In September, Apple also embarked on a campaign to review all 2 million apps in the App Store and remove “apps that no longer function as intended, don’t follow current review guidelines, or are outdated.” The company says a significant number of apps have been removed and the review is continuing.
Despite Apple’s efforts, new fake apps appear every day. In some cases, developers change the content of an app after it has been approved by Apple’s monitors. In other instances, the counterfeiters change their names and credentials, and resubmit similar apps after one round of fakes is discovered.
“It’s a game of whack-a-mole,” Mason, of Branding Brand, said.
Many of the fake retail apps have red flags signaling that they are not real, such as nonsensical menus written in butchered English, no reviews, and no history of previous versions.
In one fake New Balance app, for example, the tab for phone support did not list a phone number and said, “Our angents are available over the hone Monday-Firday.”