How Apple handles imposter apps that try to sneak onto the App Store
- by Anoop Singh
- 10
The issue of misleading apps on the App Store surfaced this week after yesterday’s LastPass incident. The folks behind the popular password manager needed to warn customers that an app called LassPass was pretending to be LastPass. While that’s a pretty egregious example of what can sneak through review, it can be helpful to have more context around how the App Store typically functions.
Guidelines
The App Store is designed to create a safe experience for customers through policy. That’s something that has been mocked this week, which is a fun dunk, but it’s still true.
When it comes to imposter apps, this is the specific App Store guideline that developers agree to when distributing apps through the App Store:
App Store Review Guideline 4.1 makes clear that impersonating other apps or services is considered a violation of our rules and can result in removal from the App Store and the Apple Developer Program.
While the first line of defense against offenders is the review process, it’s obviously possible for a bad actor to sneak through from time to time — even if the deception is obvious to some.
What happens if that occurs? It’s not just the offending app that gets pulled. The whole developer account is revoked for violating Apple’s terms of service. That’s what happened to the developer account behind the deceptive LassPass app.
Reporting
So what can developers do if they do find an imposter app imitating their own on the App Store? Press coverage obviously raises the issue at scale, but not all developers can get the same media attention. (I doubt Apple likes anything about this path either, but it’s certainly an option for developers who do not feel heard quick enough.)
The official channel for flagging violators exists for both reporting content disputes and name disputes. In the case of LastPass, the developers didn’t really go to the press to expedite the issue. Instead, they were simply warning their users about a scam risk — which got media attention, naturally.
By the numbers…
It’s also useful to put the LastPass incident in context. Based on publicly shared data in May 2023 that covers all of 2022, Apple has actively nuked accounts that violate App Store safeguards against fraud. At the same time, Apple has seen fewer violators year-over-year based on process changes it made.
In 2021, Apple terminated over 802,000 developer accounts for potentially fraudulent activity. In 2022, that number declined to 428,000 thanks in part to new methods and protocols that allow the App Store to prevent the creation of potentially fraudulent accounts. Additionally, nearly 105,000 Apple Developer Program enrollments were rejected for suspected fraudulent activities, preventing these bad actors from submitting apps to the App Store.
While we haven’t seen the same data for 2023, we can probably expect new numbers to arrive sometime this year. At any rate, this data puts Apple’s efforts against imposter apps in greater context. You know, even if the LastPass incident is an easy dunk at the moment.
FTC: We use income earning auto affiliate links. More.
The issue of misleading apps on the App Store surfaced this week after yesterday’s LastPass incident. The folks behind the popular password manager needed to warn customers that an app called LassPass was pretending to be LastPass. While that’s a pretty egregious example of what can sneak through review, it can be helpful to have…
The issue of misleading apps on the App Store surfaced this week after yesterday’s LastPass incident. The folks behind the popular password manager needed to warn customers that an app called LassPass was pretending to be LastPass. While that’s a pretty egregious example of what can sneak through review, it can be helpful to have…