Via The New York Times, hundreds of fake shopping apps have been hitting the App Store in the last few weeks, stealing recognizable brand names and logos, in an attempt to confuse App Store customers to download their counterfeit apps instead of the real thing. The fraudsters are attempting to capitalize on the holiday shopping season.
Examples include apps masquerading as brands like Puma and FootLocker; the screenshot above shows how apps using trademarked names and logos were published by a company called ‘Footlocke Sports’ in an attempt to deceive customers.
Apple’s App Review process does a good job at weeding out apps that include malware or viruses, protecting the integrity of iOS software ecosystem, preventing them from ever being available to download in most cases.
However, App Review fails to recognize most cases of trademark infringement (or it simply doesn’t look for such issues at all) which allows fake apps like these ones to appear in the App Store.
The fraudsters can then capitalize on their victims by encouraging customers to buy the ‘real’ branded products with credit cards, thereby stealing their financial information. (Apps that sell physical goods are allowed to request users to provide payment details, bypassing the usual protections and safeguards of Apple’s sanctioned In-App Purchase system.)
The New York Times article says most of these fraudulent shopping apps are originating from China, but fake apps stepping on known names is sadly not a new phenomenon. Almost any popular App Store game has hundreds of clones, using very similar iconography or naming. To see this for yourself, search for ‘Flappy Bird’ in the App Store and you will still see hundreds of fake app listings.
The fake Flappy Bird clones only seek to capitalize on some quick ad revenue by confusing customers into downloading their titles over the real thing. The criminal possibility for fake shopping apps is more sinister as they are a natural place to enter sensitive information like credit cards, addresses and other account credentials. It’s good to be aware of such risks heading into the holiday season where mobile devices represent an ever-growing proportion of sales.
A helpful piece of advice is to check the reviews of big name apps before downloading: most apps from big brands will have an extensive review history with hundreds of comments and thousands of ratings as evidence of their legitimacy.
In a statement, Apple said it has “set up ways for customers and developers to flag fraudulent or suspicious apps, which we promptly investigate to ensure the App Store is safe and secure”. The fake shopping apps highlighted by the New York Times have already been removed from the store but the onus is on Apple to improve its process to prevent this from happening again.
Detecting malicious activity is a hard problem at scale — the App Review process has to handle thousands of apps every day — but it does seem like Apple could be doing more to protect the store from counterfeit software … especially with big, well-known, brands like Nike or Puma.