The impact of fake retail apps hitting the Apple App Store this year
Christian Hargrave in iOS, Tuesday, November 8, 2016
Holiday retail woes have hit a little early this year, with hundreds of fake retail and product apps appearing in Apple’s App Store recently. The New York Times reports counterfeiters have disguised apps as retail chains like Dollar Tree and Foot Locker, department stores like Nordstrom and even luxury brands like Jimmy Choo.
With Apple known to have a strict policy around acceptance into its massive App Store, it is disheartening to hear of such a large quality-check mishap. Even more frustrating is the effect this will have on the affected brands, leaving many pointing fingers of blame.
We spoke with Jeff Williams, Co-founder and CTO of application security company Contrast Security, who explained both the security and brand impact of the news.
“First, it’s important to note that Apple’s App Store deserves a lot of credit for creating an environment where the overwhelming majority of apps are safe to use and do not have either: 1) vulnerabilities that would allow an attacker to take over a device, or 2) capabilities that would allow the app creator to compromise device security. That’s not easy. Android and the Google Play store aren’t even close in comparison.
So in a way, it’s a good sign that attackers have to resort to this roundabout method of attacking users. Yes, Apple should do a better job of ensuring that trademarks should only be used with authorization. However, think for a minute how hard that problem really is. Remember that many applications are written by third parties, consultants, and outsourcing organizations who are also responsible for submitting them to the App Store. How would Apple actually verify that the submitter actually owns that trademark? For the record, most trademarks aren’t global, they’re geographic and limited to a particular type of product. So it’s tough to make Apple the arbiter of all of that for 2.2 million apps in the store.
Instead, Apple has chosen to let the two parties involved (accuser and alleged infringer) work it out. They even facilitate contact between the two parties. This kind of thing can happen in the real world of course. Walmart might sell you Ozcar Meyer franks from their store. Or you might buy a Molex watch from Bloomingdales. But, the question is whether Walmart or Bloomingdales has a legal obligation to get involved in the trademark dispute. I hope they would, and I hope Apple figures out ways to make this kind of scam more difficult. But, I don’t blame them.”
Read more: https://www.contrastsecurity.com