According to The Washington Post, a scam bitcoin app that was built to look like a legitimate app was approved by Apple’s App Store review team, costing iPhone user Phillipe Christodoulou 17.1 bitcoin, or upwards of $600,000 at the time of the theft.
Back in February, Christodoulou decided to check on his bitcoin balance, so he went to Apple’s App Store and searched for “Trezor,” the company that makes the hardware system where he kept his cryptocurrency. He saw an app with a green background and the Trezor padlock logo, so he downloaded it and entered his credentials.
Unfortunately, the app was a hoax, created to look like a real app in order to deceive bitcoin users. Christodoulou’s whole bitcoin balance was stolen, and he’s furious with Apple. He told The Washington Post, “Apple doesn’t deserve to get away with this.”
Apple vets all App Store app submissions to prevent scam apps from being downloaded by iPhone users, but scam and copycat apps like the fake Trezor app manage to slip through the cracks and trigger major problems for iPhone users.
Apple believes the fake Trezor app was accessed by “bait-and-switch” in the App Store. Trezor was the brand, and it used the Trezor logo and colors, but is claimed to be a “cryptography” software that would encrypt iPhone files and store passwords. “We are not interested in any cryptocurrency,” the fake app’s creator informed Apple. After being sent, the fake Trezor app turned into a cryptocurrency wallet, which Apple was unable to detect.
Apple “pushes misconceptions about consumer privacy and protection as a shield against its anti-competitive App Store practices,” according to Meghan DiMuzio, executive director of the Coalition of App Fairness, which includes anti-Apple companies including Epic Games as members. Apple’s security requirements, she claims, are “inconsistently implemented across applications” and are “only enforced when it helps Apple.”
When offenders defraud iPhone users, Apple spokesperson Fred Sainz told The Washington Post that the company takes swift action.
Apple has refused to say how often scam applications are discovered or withdrawn from the App Store. Last year, however, 6,500 apps were withdrawn due to “secret or undocumented functionality,” according to the business.
Apple admitted that it had found other cryptocurrency scams on the App Store, but did not include precise numbers or say whether or not there had previously been fake Trezor apps. Trezor does not have an iOS version, and a spokesperson for the company said it has been warning Apple and Google about fake Trezor apps “for years.”
Also Read: WWDC 2021 includes Apple Glass
Apple declined to send The Washington Post the name of the fake Trezor app’s developer, whether that developer had other apps in the App Store under different names, or whether the name had been given to law enforcement officials. After the real Trezor company announced it, Apple says it removed the fake Trezor app and banned the developer. Two days later, another fake app emerged, which Apple also removed.
Since 2019, Coinbase, a UK-based cryptocurrency regulation firm, has received over 7,000 inquiries regarding stolen crypto assets, with fake apps found in the Google Play and App Store being a popular complaint. In reality, the fake Trezor software on iOS has stolen cryptocurrency from five users, totaling $1.6 million in losses.
According to Sensor Tower, the fake Trezor app was available on the App Store from January 22 to February 3 and was downloaded 1,000 times. The 17.1 bitcoins Christodoulou lost are now worth nearly $1 million, and he claims he hasn’t heard anything from Apple about it.
An Apple representative told another iPhone user who lost $14,000 in Ethereum and bitcoin that Apple was not liable for the loss caused by the fake Trezor app.