Apple’s App Store review team is known for its strict standards, yet a fake LastPass app managed to pass through and was available for weeks before being taken down.
The Fake App
- The fraudulent LastPass app impersonated the official app and listed an individual named “Parvati Patel” as the developer instead of LastPass’s parent company, LogMeIn.
- It copied LastPass’s branding and user interface but contained misspellings and other indicators of fraud, such as being listed as “LassPass Password Manager” instead of “LastPass.”
- Apple removed the fake app from the App Store after being notified by the LastPass team.
- The company has not provided any information about how the app passed the review process.
- It’s unclear how many people fell for the scam or if it was a phishing attempt, but it raises concerns about the effectiveness of Apple’s App Store review process.
- The incident is ironic given Apple’s recent opposition to the EU’s Digital Markets Act (DMA), which aims to loosen Apple’s control over app distribution on iPhones.
- Apple has argued that its walled-garden approach with the App Store keeps consumers safe from bad actors, yet the fake LastPass app was available for download in the official App Store.