Flaws in Google and Apple App Stores

[suzanne5223]

Before using any cryptocurrency wallet, it's mandatory to verify its authenticity and status.

On Feb. 24, an app called “Trezor” was quietly uploaded to the Apple App Store. It appeared to be a crypto app from the popular bitcoin hardware wallet, it linked to the legitimate trezor.io website and privacy policy.
The developers labelled it “Data Not Collected” with Apple’s “nutrition labels,” which are meant to let users of the app store easily identify what information apps will gather about them and make decisions accordingly.

The app was leveraging the Trezor brand to execute one goal – steal users’ Trezor passphrases and private keys via phishing

The app was small and simple, consisting of three screens, but did nothing other than steal your Trezor passphrase or seed phrase.

Be careful of what you download on Google and Apple app store they are not safe anymore.

Source

[1715156620]

1715156620

[1715156620]

1715156620

[1715156620]

1715156620

[TheNineClub]

I guess the problem comes with quantity. The sheer number of apps on both of those platforms makes it hard (if not impossible) to have them checked and verified before being published. Unfortunately, I don't see a way that those platforms can apply more security, they can only act when the scam is discovered. People will just have to trust their own research before using any of those platforms and maybe check on this forum once in a while because for posts like this.

[isaac_clarke22]

This is why I don't really rely too much on mobile apps when it comes to cryptocurrency or anything that involves my money or coins, as well as that I don't download MyEtherWallet even if the site wants me to.
There's lacking of Quality Checks on these apps and  you never know just by the app description of it or even the ratings, because fake reviews are quite common. Just install the app and you have the means of rating it now.

[Kong Hey Pakboy]

I am quite surprised that Apple let this kind of harmful apps in their store, I mean they have the most strict requirements when it comes to app development but here we are, seeing this phishing app operational on their store, I thought that Apple has a security that is rightfully boasted but considering that the flaws found in them are critical, I am having second thoughts.

[eaLiTy]

I guess the problem comes with quantity. The sheer number of apps on both of those platforms makes it hard (if not impossible) to have them checked and verified before being published. Unfortunately, I don't see a way that those platforms can apply more security, they can only act when the scam is discovered. People will just have to trust their own research before using any of those platforms and maybe check on this forum once in a while because for posts like this.

Google and Apple should employ people to review anything that is listed in their platform rather than acting after a scam took place. It is much better in terms of customer compliance and it will save a fortune for their customers if they can monitor all the application that is listed in their play store.

The only option right now is to report them and if anyone can create a thread here is scam accusation about fake applications we could report them in groups and take them down ASAP before anyone loosing money.

[Reatim]

So Now even Apply security cannot withhold our safeties from this hackers? I had been using Apple Ipad for 2 years now but did not encounter any trouble from it because i trust the security features of Apple , But having this news now i start to doubt my safety and will consider making more aware and distance from all downloading i will do from here, Google is one place that surely being part of the hackings , but Apple? lol I am disappointed.

I am quite surprised that Apple let this kind of harmful apps in their store, I mean they have the most strict requirements when it comes to app development but here we are, seeing this phishing app operational on their store, I thought that Apple has a security that is rightfully boasted but considering that the flaws found in them are critical, I am having second thoughts.

yes that is what i was telling to myself also , But also we Knew how Good hackers are , they can enter in everything they wanted to target.

And apple is now not safe from them anymore.

[joniboini]

yes that is what i was telling to myself also , But also we Knew how Good hackers are , they can enter in everything they wanted to target.

Looks like the quality of the Apple app store is gradually going down to the level of Google Play where you can upload fake and copy apps easily. Just a few days ago I found a thread of a game developer that complains about a fake game that copied his game, not only one but more than 5. I wonder how they filter them.

[maxreish]

That is why I am not easily downloading any crypto wallets in any app store. Even MEW app in playstore have a fake apps and it is better if we access the wallet in their legit website. But be careful as there are also phishing links that has same name with their links. Better if we do report those fake apps on the market apps so they dont attract more victims as they thought this Trezor app is the original one.

[Kong Hey Pakboy]

I am quite surprised that Apple let this kind of harmful apps in their store, I mean they have the most strict requirements when it comes to app development but here we are, seeing this phishing app operational on their store, I thought that Apple has a security that is rightfully boasted but considering that the flaws found in them are critical, I am having second thoughts.

yes that is what i was telling to myself also , But also we Knew how Good hackers are , they can enter in everything they wanted to target.

And apple is now not safe from them anymore.

Yeah, but to boast that you have a secure network and device is saying something, that also means that hacks will not be possible. I don't know why do people eat up this shit that Apple feeds to them, they are expensive but the cheaper android phones work far better than them.

[AicecreaME]

There’s just one problem: Trezor doesn’t have an app.

Sorry but this should be the first thing that every people come up to their mind with when they saw that "Trezor app" in app store or whenever it is. Trezor only comes up with a hardware wallet, meaning it only has physical appearance and doesn't have any app or web wallet, except for their website.

My opinion about this is that it's scary, because they might do the same thing to popular Bitcoin wallet like Coinomi and Electrum, and if you're not wary enough, just installing quickly from play store or app store, no doubt your private keys or passphrase keys would be stolen to you without you knowing.

So always be careful guys and double check your apps that you're going to install especially if you're going to store your money on it.

[cryptomaniac_xxx]

Yes, specially Google Play store, it's very very dangerous to just download apps their without checking and verifying. @Rikafip maintains a thread, List of fake wallets on Google Play, 2 active at the moment!. Maybe everyone can check it out, and if you see some fake apps, you can report it as well so that we can track and report them and hope that it will be taken down by Google and Apple.

[Coinsfera]

Before using any cryptocurrency wallet, it's mandatory to verify its authenticity and status.
On Feb. 24, an app called “Trezor” was quietly uploaded to the Apple App Store. It appeared to be a crypto app from the popular bitcoin hardware wallet, it linked to the legitimate trezor.io website and privacy policy.
The developers labelled it “Data Not Collected” with Apple’s “nutrition labels,” which are meant to let users of the app store easily identify what information apps will gather about them and make decisions accordingly. 
The app was leveraging the Trezor brand to execute one goal – steal users’ Trezor passphrases and private keys via phishing
The app was small and simple, consisting of three screens, but did nothing other than steal your Trezor passphrase or seed phrase.
Be careful of what you download on Google and Apple app store they ate not safe anymore.

Source

Everyone has to be careful while entering their credentials in any website. During boom period scammers pops up like a mushroom. Better to use official apps and services.

[Kittygalore]

All the more reason to not buy Apple products because they are arrogant to say that they have a strict requirements for their apps but they can't even catch that these app is a phishing attempt. I had a good relation with Apple back when they still didn't remove auxiliary parts of the phone which defeats the purpose and I find more capable Android phones pop up of the market that are better in any aspect.

[Ucy]

Before using any cryptocurrency wallet, it's mandatory to verify its authenticity and status.

On Feb. 24, an app called “Trezor” was quietly uploaded to the Apple App Store. It appeared to be a crypto app from the popular bitcoin hardware wallet, it linked to the legitimate trezor.io website and privacy policy.
The developers labelled it “Data Not Collected” with Apple’s “nutrition labels,” which are meant to let users of the app store easily identify what information apps will gather about them and make decisions accordingly.

The app was leveraging the Trezor brand to execute one goal – steal users’ Trezor passphrases and private keys via phishing

The app was small and simple, consisting of three screens, but did nothing other than steal your Trezor passphrase or seed phrase.

Be careful of what you download on Google and Apple app store they ate not safe anymore.

Source

I wonder what the "Nutrition Labels" show that are being collected by the app, or is it "Data Not Collected”.   And how are such apps able to pass through app security check to list on established stores. No verification done?

[isaac_clarke22]

yes that is what i was telling to myself also , But also we Knew how Good hackers are , they can enter in everything they wanted to target.

Looks like the quality of the Apple app store is gradually going down to the level of Google Play where you can upload fake and copy apps easily. Just a few days ago I found a thread of a game developer that complains about a fake game that copied his game, not only one but more than 5. I wonder how they filter them.

This might be a non-crypto related but I quite remember that there's like a creepy app in the Google Play store that would even scare a child because of its "killer voice" tone and it is disguised as a cute character of course to avoid detection.
If those types of apps even managed to get past of the policies of the App Store, who knows what more if it is in crypto space?

Problem is these apps will still exist and will only be removed if one managed to report it. Imagine how many people already downloaded the said app before a report comes up.

[Genemind]

I only have few mobile wallet app that I use, I avoid using untrusted applications for security purposes. If I have to use a wallet app, I make sure to make a research or ask for opinions of some of my friends if they have used it or not. Do not store huge amount of money in mobile apps, and also avoid using your passphrase if not needed.

[batang_bitcoin]

Verify every app that you're about to download on Google Play and Apple store. Think like you don't trust every app that's existing there and every app that asks for your private keys and passphrases.
You don't send that to any of those apps because many of those scammers are using the brand's name of those popular wallets. It's been existing but Google can't filter them immediately unless there will be reports filed.

[btc78]

Maybe this sounds Stupid of me but I have never like or plan using Apple stuffs, Not because they are Expensive (Compared to other gadgets) but i just felt like i don't like them.
Many of my friends tells me how secure this is but not enough for me to satisfy.
And now having this Issue ? this proves me that my decision is correct as Apple Store or Playstore is the same as vulnerable from hackers .

[DdmrDdmr]

This is what the app's pitch looked like on a phone browsing the Apple Store:



See: https://www.reddit.com/r/TREZOR/comments/lun0l8/fake_trezor_ios_app/

The ratio of scam apps on Android vs Apple is overwhelming, but the above goes to show that Apple’s controls are not infallible. One should always head-off to the corporate site to check the existence and proper links to the apps they download. Failing that, logic and prudence should be a safeguard for cases such as these.

[DarkDays]

Be careful of what you download on Google and Apple app store they ate not safe anymore.

Source

I think this extends to any electronic wallet. There are many copy cats out there and people could easily fall into these traps. Metamask is also another big one where you need to check that your download starts from the legit site. Unfortunately, I have come across several place where everything looked the same except the Metamask wallet wasn't coming from the legit source. Just be wary of anything you download off the internet.