Source: PCMag
App Store’s Stringent Review Process Bypassed by Fraudulent LastPass Clone
In a surprising lapse of Apple’s usually strict App Store review process, a fake version of the popular password manager, LastPass, managed to infiltrate the platform. The deceptive app, posing as LastPass, operated under the name “LassPass Password Manager” and was available for download for several weeks before being detected and taken down. The fraudulent app attempted to mimic LastPass’s branding and user interface but included misspellings that hinted at its illegitimacy.
LastPass Alerts Users to Imposter App
LastPass promptly informed its users about the fraudulent app in a statement on its website, cautioning them against downloading the fake LastPass app. The imposter was listed under a developer named “Parvati Patel” rather than LastPass’s parent company, LogMeIn, and its presence raised concerns about the efficacy of Apple’s review team in identifying and preventing such deceptive apps from entering the App Store.
Questions Surrounding Phishing Attempt and User Impact
While LastPass has emphasized the fraudulent nature of the app, it remains uncertain whether it was part of a phishing attempt. The fake LastPass app, named “LassPass Password Manager,” was eventually removed by Apple after LastPass reached out to ask how it had survived the App Store review process. The extent of user engagement with the deceptive app and the potential impact on users’ security remain unclear.
Apple’s App Distribution Policies Under Scrutiny Amid DMA Changes
This incident comes at a crucial time for Apple, with recent controversies surrounding the company’s app distribution policies in response to the EU’s Digital Markets Act (DMA). Apple faced criticism for its perceived “malicious compliance” in formulating new DMA-compliant rules for alternative marketplaces. Developers and prominent figures, including Xbox, Epic Games, Spotify, and Meta’s Mark Zuckerberg, condemned Apple’s attempt to gain increased revenue through the new regulations, contrary to its initial opposition to the DMA.
The irony lies in Apple’s previous stance on the App Store acting as a secure walled garden to protect users from potential threats. The company had warned of increased risks, including malware, fraud, scams, and privacy threats, with the introduction of alternative marketplaces. However, the incident involving the fake LastPass app exposes a significant oversight in Apple’s security measures, raising questions about the effectiveness of its App Store review team in safeguarding users from fraudulent applications.