mysk, (edited )

The rogue 2FA app that steals scanned secrets is now ranked 18 on the German App Store for the productivity category. No wonder! The app disguises itself as a Microsoft app. It is the top hit when you search for "Microsoft Authenticator", and the developer has updated the screenshots in the ad card to highlight the word "Microsoft". Surprisingly, the product page of the app shows different screenshots with the word "Microsoft" removed.
The app now has 1.2K reviews, as opposed to 18 when we first addressed the app.

🙏 Boosting this post will help spread the word. Thank you!

skry,
@skry@mastodon.social

@mysk I wonder if it’s possible to report this to , who could alert through legal channels. It’s ridiculous that Apple can’t take down a reported, malicious app. Some press might help too.

vncntx,

@mysk This is extremely disappointing from Apple. The whole justification for their 30% global tax is so they can maintain systems and procedures to prevent apps like this from going on the store.

wonka,
@wonka@chaos.social

I assume @jiska has already heard about this?

@mysk

ElSupreme,

@mysk

Apple profiting mighty off of this fraud. [ad] tag on those hits.

dammitjanet,
@dammitjanet@mastodon.social

@mysk gosh. I wonder what would happen if a spam phishing email came in like this?

wraptile,
@wraptile@fosstodon.org

@mysk apple fanboys be like "but walled gardens keep us safe" and news like this pop up every month lol

kkarhan,

@mysk let me guess: #Google doesn't give any f**ks?

Shit like that would not fly on @fdroidorg - in fact they'd rather yeet apps having security issues.

RPBook,
@RPBook@historians.social

@kkarhan @mysk @fdroidorg it's in the Apple app store, so I suspect Google doesn't care about it, no.

theandil,

@mysk 😳

reza,

@mysk Wait, 1.2K reviews have also been removed?

iBleedIn6Colors,

@mysk According to the app's privacy section on its App Store page, they are WAY BETTER than the original! Microsoft's app sucks up everything including all of your content, even your location. I would never use either app!

nowherefast,
@nowherefast@techhub.social

@mysk hope someone takes this to an EU hearing when Apple tries to bullshit politicians into believing their walled garden is anything other than a bloody monopoly.

eljefedsecurit,

@mysk it's an apple store app, did you report it to apple yet?

mysk,

Just tested the latest version and it still sends scanned secrets to the developer's remote server (Version 1.10.1). Meanwhile, the app has climbed to no. 13 on the German App Store 😳

jak2k,
@jak2k@mastodontech.de

@mysk
That's why I use android and f-droid.

JetForMe,
@JetForMe@geekstodon.com

@mysk is there a way to report an app to apple?

mysk,

@JetForMe Yes, but you must download the app first. Then, an option to report the app appears in the information section of the app in the App Store, more here:

https://beebom.com/how-report-bad-apps-scams-app-store-iphone/

feld,
@feld@bikeshed.party

deleted_by_author

    mysk,

    @feld
    Read the text in the screenshots it includes in the ad. And when you search for "Google Authenticator", it uses screenshots with text suggesting it is a Google app. Also check this video out:

    https://defcon.social/@mysk/110576091858818294

    dgoldsmith,
    @dgoldsmith@mastodon.social

    @mysk Did you report this app via: https://reportaproblem.apple.com ? That link is for stuff you've already purchased, but you can also tap "Report a problem" directly in the app store page.

    mysk,

    @dgoldsmith Yes, and many other users reported it, too.

    dgoldsmith,
    @dgoldsmith@mastodon.social

    @mysk Thanks!

    casmael,

    @mysk lmao fuck 2fa man

    Yurgo,
    @Yurgo@mastodon.social

    @mysk Oh dear, wonder if there are people so stupid to pay for such app. Those would need some kind of protection indeed.

    Geoffairey,
    @Geoffairey@mastodon.social

    @mysk Apple Search Ads failing spectacularly

    teezeh,
    @teezeh@digitalcourage.social

    @mysk From my point of view, this is a non-issue. It is really easy to correctly discover and identify the real Microsoft Authenticator published by Microsoft Corporation. People who download this rogue app will fall victim to any other scam as well.

    mysk,

    @teezeh This is very easy to say if you're knowledgeable about IT. But many people aren't. I tested this with multiple persons. They all picked the first app because it's highlighted and also because the screenshot says "Microsoft".

    teezeh,
    @teezeh@digitalcourage.social

    @mysk I know. That's why I wrote that they would fall victim to any other scam as well. Sure, I would prefer serious curation in app stores. But pretty much all of them prefer quantity over quality. The Microsoft Store is the worst IMHO ...

    aw,

    @mysk And this is why Apple takes their 30% right? To keep its users safe... Scandalous how Apple doesn't even seem to be trying. Any app that goes high on the popularity charts should get extra scrutiny for scamminess/scumminess.

    jramskov,
    @jramskov@helvede.net

    @mysk So much for the secure, curated Apple App store #Apple

    guiltmanager,

    @johnnyd_cm @mysk how the hell did it get into the Apple App Store in the first place? Apple are supposed to be control freaks when it comes to allowing apps. Then again, they don't stop apps that are completely inaccessible with VoiceOver, so...

    fujiwara,
    @fujiwara@sakurajima.moe

    @mysk I've seen more than one person at my work with this app on their phone. I've tried to warn people about it, but they just won't listen.
