Fraudulent Apps Found In Apple's Store

snydeq writes Angry support queries citing problems with mystery iOS apps has led InfoWorld's Simon Phipps to discover the existence of several scamware apps in Apple's App Store. "If you're a scammer looking to make a fast buck, it appears that [Apple's App Store] process can be defeated," Phipps reports. "The questions originated from a support link for a $2.99 app in Apple's iTunes Store," which pointed angry customers to the Apache OpenOffice community, which doesn't even have an iOS app. The app in question, Quickoffice Pro, "simply displays a gray screen with the word Tap. When you tap the screen, the app exits." Further investigation has uncovered two other scam apps thus far.

Clearly

You're tapping it wrong.

For the Love of Cock!

Leave Apple alone!

Re:For the Love of Cock!

[seoras]

It's getting boring here on Slashdot, this shift from Microsoft bashing to Apple bashing.
The article's making it to front page are becoming very one sided, pro-Google/Android and anti-Apple.

Only several out of a million+ Apps?
So a few wild animals jump over into the walled garden, easy enough to chase them out and plug that hole.

Re:For the Love of Cock!

[K.+S.+Kyosuke]

I love the Tim Cook reference.

Re:For the Love of Cock!

Pretty much. /. died after taco left.

Re:For the Love of Cock!

[dimeglio]

I think you proved his point.

Re:For the Love of Cock!

[hairyfeet]

What, that he is butthurt? We didn't get articles when MSFT had THEIR apopstore pned? or Google's? Oh wait...we did!

Waste modpoints all you want, doesn't change the fact that this is no different than when the iFanboys screamed "But its a trojan so it don't count!" when MacDefender was pounding their iHole. This is just another example of Apple's supposed "vetting" being bullshit, just as their "quality" got us "you're holding it wrong" and phones so flimsy they can break in your pocket, their great Applecare no longer supporting the first Macbook Air, ever since Jobs got too sick to run the joint it went down the shitter and now its no better than any other OEM, its just higher priced.

Security?

[acoustix]

Wasn't stuff like this supposed to be prevented by having a walled garden?

Re:Security?

[kesuki]

on the road to being a 700 billion dollar company a few walls had to be torn down....

Re:Security?

Nobody of any intellectual merit uses iDevices

That's the dumbest fucking thing I've read today.

Re:Security?

[v1]

not prevented, just greatly reduced.

Though even just looking at raw numbers isn't even fair. Apppl's store inventory dwarfs all of the others, and still numerically has fewer scams. It ought to work the other way around unless the wall is performing very effectively.

But bottom line here is some reviewers just got fired, and those that remain were harshly threatened. Reminds me of the recent peer reviewed journals that got caught with some lazy reviewers rubber stamping to boost their productivity numbers.

Re:Security?

[517714]

Try reading the NYT or Washington Post more often.

Re:Security?

[Penguinisto]

Wasn't stuff like this supposed to be prevented by having a walled garden?

A handful out of several million ain't half bad, considering.

I think the only other app store that could do better would be Blackberry, but only due to the fact that nobody uses it anymore (or at least not enough to have found and purchased a scam app).

Re:Security?

[lgw]

Actually, WaPo seems better over the past couple of years - they carry stories that in some way reflect badly on the Democrats from time to time, unlike most of the print press. Of course, it's possible the average partisanship of print media has become so extreme that the WaPo looks better by contrast, but either way it's not in the same boat as the New York Fishwrap these days. (Oddly, USA Today seems quite centrist these days - I still think of it as a joke, but maybe I shouldn't.)

Re:Security?

[tepples]

I think the only other app store that could do better would be Blackberry

I haven't read stories about malware on Xbox Live Marketplace, PlayStation Store, and Nintendo eShop.

Re:Security?

[TheCastro1689]

The volume of games to review and look over is much less, and probably easier to track what info it's gathering when the game is being played.

Re:Security?

[Penguinisto]

I haven't read stories about malware on Xbox Live Marketplace, PlayStation Store, and Nintendo eShop.

Fair call, but consider that it costs a pretty penny to get an app into any of those marketplaces, and they're almost orders of magnitude smaller than even Blackberry's App store...

This is news.... because?

[bhlowe]

2 lameware apps out of 1.2 million apps? I'm guessing people will get over it.

Re:This is news.... because?

[amber_of_luxor]

The issue is that Apple claims that each app is vetted for potential security issues. By most definitions of the term, "fraud" falls under the category "security issue". Consequently, the discovery of even one fraud app means that Apple is not vetting apps in a manner consistent with what they claim.

Re:This is news.... because?

[xaotikdesigns]

How many flashlight apps are in the app store? Surely each one is better than the last, and they are in no way lame.

Re:This is news.... because?

[Cabriel]

What? So an accuracy rate of 99.99992% isn't good enough? I suppose we can trust Google to top that.

Re:This is news.... because?

[ToasterMonkey]

The issue is that Apple claims that each app is vetted for potential security issues. By most definitions of the term, "fraud" falls under the category "security issue". Consequently, the discovery of even one fraud app means that Apple is not vetting apps in a manner consistent with what they claim.

That's what I've been saying, Apple just isn't popular enough to attract the number of hackers for real security issues. One day some hackers might take notice of them, but they are lucky it's only one or two for now!

Re:This is news.... because?

[bloodhawk]

It's news because it is supposed to be an extensively vetted process to get in the store, if such a blatantly obvious scamware app is making it in then obviously the vetting is far less than previously though.

Re:This is news.... because?

[narcc]

How do we know that there are only 2 lameware apps? (Ignoring the fact that the article mentions 3 apps.)

That's "2" that a part-time columnist on a deadline found without much effort. I suspect that the actual number is significantly higher...

Re:This is news.... because?

What? So an accuracy rate of 99.99992% isn't good enough? I suppose we can trust Google to top that.

The article said that they found a bunch of apps using the name and the icon. They didn't say they'd checked them all and they didn't say there were no other scam apps. It seems pretty likely, in fact, that there are a lot of others or they wouldn't have stumbled over this one.

I'd say it's news because . . . it's interesting and suggests that there's more to be found.

So, I'll see your number and make up one of my own: 5% of the apps I look at (meaning, consider buying) seem kind of sketchy. In fact, I never download a paid app unless I see a preponderance of positive reviews from people that can spell. And more than a couple.

Walled Garden = Stewardship

[EndlessNameless]

This is where Apple can provide value to their customers by managing the ecosystem.

They should be more than capable of issuing refunds to anyone who was scammed, remotely nuking the app, and punishing the publisher in an appropriate manner.

If they do all of those things, it justifies some of their policies, at least for mainstream users.

Re:Walled Garden = Stewardship

[xaotikdesigns]

They'll never be able to show their face at the local coffee shop again!

Re:Walled Garden = Stewardship

[LordLucless]

The thing is, Android is a capable of doing all those things (issuing refunds, punishing the vendor, etc) in it's store too, without a "walled garden" approach.

The walled garden metaphor refers to the iOS platform, where users can't install applications except through Apple's blessed appstore, not to the store itself.

Re:Walled Garden = Stewardship

[Em+Adespoton]

Android also currently has issues with malware that haven't cropped up inside the walled garden.

Walled gardens are appropriate for appliance-based computing. If you want a more open platform, you need to do a lot more footwork yourself. Android is a great platform for such users.

Re:Walled Garden = Stewardship

[LordLucless]

This article is about such issues, though. If you have a walled garden, you're basically trading your freedom, for the ability to have someone else police the software, to presumably eliminate such threats.

That trade-off's value is entirely dependant on the quality of the policing done on the software inside the walled garden. Historically, Apple's been pretty good about it, too. But with people locked into the ecosystem by their prior app purchases, there's less and less incentive for apple to spend resources keeping the quality control high.

This could be just a blip that Apple will correct, and start maintaining high standards again. But it could also be the point at which the walled garden deal starts to turn sour, and people find they've been locked inside a garden nobody's looking after.

Re:Walled Garden = Stewardship

[Em+Adespoton]

2/1.2Mil seems like a pretty good ratio to me; if I had that sort of a blip on the surface of a road I was driving on, it would be completely unnoticeable. The important thing is how they deal with the blip -- if they respond quickly and add new logic to protect against this kind of system gaming, it's all good. If they go on a media blitz showering us with unicorns, it's time to quickly scale the garden wall.

Re:Walled Garden = Stewardship

[LordLucless]

2 *known* in 1.2M. But yes, it's their future actions that will be the most important indicator.

Re:Walled Garden = Stewardship

[AmiMoJo]

It would be nice if they did actually manage it though, rather than just being glorified malware scanners. 1.2M apps sounds impressive, but how many of them are pointless cracked screen apps that for some reason need to read your contact list, or "worlds brightest flashlight" apps that absolutely must have internet access to work. Then there is the plague of clones, making it harder for legitimate developers to prosper because asshats like Zynga just rip off their work and throw $$$ at marketing.

It would be nice if they allowed open source software too.

If you are going to have a walled garden, at least keep it clean and tidy.

Hmmm..

"A developer that we hired as a freelance third party vendor published this app under my personal Apple developer account without permission or my knowledge. I take app fraud very seriously and will have the app removed as soon as possible."

Surely he would have noticed sales from this app appearing in his account. So where does the money go ?
I smell something bovine.

Re:Hmmm..

[jeremyp]

Money going into my account? No, never noticed any... ... what's that you say? Yes, it is a nice new car. We're off to the Seychelles next week too. It's paid for by a bequest from Aunt Mildred's goldfish.

Re: By definition, not a scam

Probably something to so with the fact it's called "QuickOffice Pro", which is a legit Office application and therefore they are charging 2.99 to unsuspecting public.

They obviously aren't intentionally buying an app called " tap to exit pro" at 2.99 and then calling it a scam.

It does what?

[SeaFox]

How does an app with no functionality get through the approval process to start with? This isn't a case of the app having a secret feature of calling home or installing malware. I mean, if it doesn't do anything how could anyone have reviewed the app to begin with?

Re:It does what?

[Tom]

How does an app with no functionality get through the approval process to start with?

Because no process is flawless. 3 out of 1.2 mio. Heck, in a lot of touristic areas, the percentage of brick-and-mortar stores that are scams is higher.

Re:It does what?

[jones_supa]

I can think of some theories.

1) The reviewer did a mistake. Maybe he was reviewing multiple applications and from the bunch one slipped to the store even if it was not yet reviewed properly.
2) The reviewer was sloppy and did not do his job carefully and ethically.
3) There was some technical problem.
4) Some attacker got into the system and messed with things.

Re:It does what?

[AmiMoJo]

From what we know of the approval process it is automated in many cases. The exact criteria for them doing an automated test is not known, but there is a lot of research going on into how to exploit it.

Maybe it's art

[Marginal+Coward]

...and if so, it's cheap at just $2.99. Heck, how many times have you paid more than that to go through an art gallery, only to find the inevitable "Painting with Single Dot in the Middle"? Better yet, this art is both multimedia and interactive.

Re:Maybe it's art

[sound+vision]

Not only that - it's also Mobile, Web 2.0, and Cloud.

Re:Maybe it's art

[NormalVisual]

Plus, you can admire your new interactive button anytime you like - you're not on the art gallery's schedule.

Schadenfreude much?

Wasn't stuff like this supposed to be prevented by having a walled garden?

Dude, people have also breached the walls, so to speak, at 1600 Pennsylvania Avenue, A.K.A. the WHITE HOUSE.

Calm down, they'll take care of it. If security in the iOS App Store were perfect, that would be quite a feat. Being tighter than the security at the WHITE HOUSE ought to make most people happy.

It's like you wouldn't be impressed with what Bishop did with that knife in Aliens because he managed to knick his finger doing something he apparently does quite a bit and normally DOESN'T MISS. Misses so infrequently that it drew the comment from one of the Space Marines, "I thought you never missed, Bishop!"

As I understand it, a week with a revealed breach in iOS App Store security, (etc., ) is like a week WITHOUT one in Android land. Pretty rare, and noteworthy. Hence why you were able to read this story. It's a rare enough event that it made the news.

The 99$ fee

[ComputersKai]

Didn't Google remove Quickoffice in favor of Google Docs already?
At least do some research first before paying the 99$ developer fee to be able to upload apps in the first place.

Then again, it was released around the time Google was deciding to shut down the app.
App Details

Re: By definition, not a scam

[xaotikdesigns]

It opens, you tap it, and it closes. You can't get much quicker than that. What's the issue?

Quickoffice Pro Is not a "scam app"

[Saysys]

Quickoffice Pro is a useful program i've been using since I purchased an iPhone 3G. It recently had a bad update that broke it, a mistake on the publisher's part no doubt, but not a scam. Honestly this article reads way to joyously consists of way too little research on the subject.

It's like some people want IOS to suck in the same ways Android does; sorry folks! It sucks in it's own ways.

Re:Quickoffice Pro Is not a "scam app"

If you had even went as far as reading the summary, you would have seen that these apps are not the actual quickoffice owned by google (and since discontinued), but scam apps designed to get people to pay for them but do not deliver the advertised functionality. They are blatant ripoffs, down to stealing google's logo and including bogus support links to avoid attention.

Re:I'm confused...

[Em+Adespoton]

Phone apps I actually use:
Alarm Clock
Countdown Timer
Stop Watch
Calculator
eBook reader
email reader
text messaging app
Music player
Video player
Calendar
Photo viewer
Offline Map-based GPS
Microphone/annotation device
Reminder/To-Do app
Address Book
Input device for computer
Remote Access/monitoring software for computers
Weather app
Camera
Offline Reference apps (health/meds/astronomy/formulas/conversions/knots/words)
Collaborative doodle apps
Music composition/performance apps

That's what I actually use on a regular basis. Interestingly, a large portion of those are provided by default.
Another one that I always intend to use but never actually find useful is a range finder app that lets you calculate distance/height of objects.

Abandoned apps are worse

[Neo-Rio-101]

As the versions of iOS increase, many of the apps that I purchased don't even work anymore and are still on the app store.
Perhaps the developer just forgot about them, or couldn't be bothered spending the time or money to update them to more current iOS versions.
It seems that there are a lot of abandoned apps out there.

Glad for the heads-up

[ccanucs]

I have and have used QuickOffice Pro which *was* a valid app. Reading the article I didn't even know QuickOffice Pro had been bought out by Google and retired.

So, useful information from my perspective.

I had not used it recently since I do not usually use typical "office" type apps on an iPad - mostly use it for professional music production instead, and the only reason I had it on there was to make edits to a spreadsheet that contained DAW track lists and assignments, but I can also access those another way, so I hadn't fired it up since installing it on a newer iPad.

I have just checked and the same problem exists with the Android version of the app. so it's not specific to Apple or the iPad store.

Re:Glad for the heads-up

[ccanucs]

OK. So, seems like *Google* removed the functionality. From their support page:

"As of April 1, 2014, you will not be able to access files from any cloud storage services including Google Drive from within Quickoffice Pro and Pro HD applications. For existing Quickoffice Pro and Quickoffice Pro HD users, you can continue to use your existing app to create, view and edit documents, although moving to the Quickoffice app will allow you to take advantage of new features and updates to the product. For these reasons, we recommend downloading the Quickoffice app."

So, not exactly in and of itself a scam.... ... except - of course, that I originally paid money for the app and now my purchase is useless...

Well - glad I found this out ! :-/

Re: By definition, not a scam

[Khyber]

The joke.

Your Head.

Re:I'm confused...

[jandjmh]

Apps I use that perhaps aren't quite so common
guitar tuner
audio signal generator
network scan and ping
RDP and VNC client
Apps kids at the autism spectrum school I volunteer at use:
Text to speech for non-verbal kids
Pictographs to speech for non-verbal/non-literate kids
Both of the above types of kid have sometimes surprisingly able brains hidden by specific deficits in forming speech.
Lots of educational programs that seem truly useful

You can ask money back

[ruir]

Let me reiterate...this article is a troll. You can go the iTunes app, and ask for your money back in the first 14 days, if memory does not fail me, and Apple will give it back, no questions asked. I lost count of the Apps I returned. As far as I remember your payments to the author of the app are only transferred after 30 days, or something like that.

Re:You can ask money back

[ccanucs]

Well, hmm, I've had the app in question - QuickOffice Pro HD - for a couple of years, so I can't do that. I just hadn't used it recently and hadn't noticed it had been messed with. So, I *can't* get a refund.

Re:You can ask money back

[AmiMoJo]

Yet people are still bothering with these scams. There must be a reason, and the reason is certainly money... So how do they make a profit if everyone gets a refund?

Either everyone isn't getting a refund... Maybe they forget or something, but surely 14 days is long enough for Apple to notice and bulk refund everyone. So the other option is to include some exploits in the code that generates cash somehow.

Re:You can ask money back

[ruir]

So a app has never been discontinued after a few years on another platform for you, that is it? You can hardly fault the platform or the store for it.