
Researcher reports fraudulent Chinese apps on the Mac App Store

Despite Apple’s claims that the App Store is a “safe place you can trust,” it seems that some developers still find ways to bypass the company’s review process to distribute fraudulent apps to iPhone, iPad, and Mac users. This time, a researcher identified as “Privacy1St” (Alex Kleber) has shared a report about multiple Chinese apps that have fooled the App Store review team.

Apps can trick the App Store review team

The report was shared in a post on Medium and was also supported by security researcher and former NSA staffer Patrick Wardle. The investigation examined seven different Apple developer accounts that are allegedly managed by the same Chinese developer. These apps, according to the report, abuse the App Store guidelines in many different ways.

As noted by the researcher, most of these apps contain hidden malware that can receive commands from a server. This way, the malicious code waits for the app to be approved in the App Store before it goes live. This technique lets developers change even the entire app interface remotely so that Apple will see a completely different app than the one that will be shipped to users.

Although the apps were released by different developer accounts, they all establish communications with domains using services like Cloudflare and GoDaddy in order to hide their hosting provider. Interestingly, the Privacy Policy website of these apps redirects users to public webpages created with Google Sites.

Another aspect of these apps’ code that connects them to the same developer is that they all use the same password to decrypt a JSON file used to mislead the App Store review team. In some cases, this developer has released basically the same app under different accounts, so that these apps can reach and trick even more users.

Fake reviews and more


As noted by the report, one of these apps is a “PDF Reader” that was listed as one of the most downloaded apps in the US Mac App Store. Once downloaded, the app tricks users into paying for a subscription plan. But the whole scheme goes far beyond this, as all these apps have a suspicious amount of positive reviews amidst negative reviews claiming that the apps don’t work.

Of course, these positive reviews are fake and bought by the developer to make regular users believe that the app is legitimate. Since the report was published, Apple has removed most of the fake reviews of these apps. Some of the malicious apps also seem to have been removed from the Mac App Store.

Last month, Apple said the App Store stopped “nearly $1.5 billion in fraudulent transactions in 2021” thanks to the App Store review team. However, this is not the first or second time that researchers have shown that the App Store is still highly susceptible to scam apps. In the meantime, Apple keeps saying that the sideloading process is the real enemy of users.


Author

Filipe Espósito

Filipe Espósito is a Brazilian tech journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.
