A popular online Ethereum wallet service, MyEtherWallet, found itself amidst controversy on December 10, 2017, because of a fake mobile wallet app pretending to be affiliated with it. The rogue app went unnoticed for long enough to become the third most-downloaded app in the Finance section of the iOS App Store.
MyEtherWallet.com officially tweeted soon after, denouncing the app’s legitimacy and asking the community to report the incident to Apple. Ether is currently the world’s second-largest cryptocurrency by market capitalization, following its meteoric price surge in 2017. Alongside bitcoin, it has become one of the most lucrative currencies for new investors to purchase over 2017.
The developer of the fake $4.99 app appears to be Nam Le, but that could easily be an alias. It is evident by now that this was a poorly concealed attempt to cash in on the digital currency hype.
Despite this lapse in security, Apple is notorious for the heavy impositions that it levies on app developers. Applications submitted to the App Store go through rigorous testing and scrutiny. The lack of manual examination is a glaring oversight, but there is not much that can be done about it. By 2020, it is estimated that the App Store will house more than five million iOS applications, making human screening of new apps next to impossible.
Even with Apple’s tight grip over which apps enter the App Store though, it is no secret that a few dubious and sometimes outright fraudulent applications manage to sneak in on occasion. In this particular instance, it turned out to be a misleading cryptocurrency wallet application, but there have been reports of full-blown malware landing on the iOS store from as early as 2012.
Interestingly, not all apps that have circumvented Apple’s tests are malicious. In the past, some enterprising developers have managed to get video game emulators onto the App Store, only for them to be taken down soon after. In that vein, it is also worth noting that Apple has been rather prompt to remove apps that have been found to be dangerous, while on the other hand, Google’s approach to the same problem on Android is far slower.
The Play Store, Android’s primary app market, faces the same problems of fraud and misleading advertising, except to a much greater degree. Compared to the extensive vetting process that iOS apps have to go through, Google typically adopts the principle of “innocent until proven guilty” by letting apps onto the Play Store with little to no pre-screening. Should any problems arise later, though, Google steps in and removes the app, much as Apple does. The lack of initial quality control is, in part, why almost every single cryptocurrency-centric Android app is considered unsafe.
With the dramatic increase in cryptocurrency prices drawing in thousands of new investors every day, it is apparent that we will continue to see several such malignant attempts to prey on the ignorant. The digital currency market is in dire need of educating the masses about not only the security repercussions of entering their wallet’s private key into an untrusted app but also how to protect themselves from a variety of other targeted attempts designed to steal their money.
The fake app in question has since been removed from the App Store, likely at Apple’s discretion.