back to article Fake LastPass lookalike made it into Apple App Store

LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. The software maker went public about the fake mobile app on Wednesday, warning that the knockoff "LastPass Password Manager," …

  1. gnasher729 Silver badge

    Does the app get removed from users devices? (I would hope so. I wouldn’t want to keep it).

    Do customers get money back, and what happens to. Apple’s thirty percent? (If I remember right apple returns the purchase cost, doesn’t pay the developer but insists on getting their payment).

  2. Anonymous Coward
    Anonymous Coward

    Cant

    Can’t believe this outfit is still operating. Also LassPass? Really? Fail for both the naff malware and the naff password management company.

    Anon because a copy of my vault with unencrypted bits is floating around the dark web somewhere.

  3. Mostly Irrelevant

    Even more evidence that the walled garden doesn't so anything but let Apple assert control.

    1. gnasher729 Silver badge

      “Even more evidence that the walled garden doesn't so anything but let Apple assert control”

      The app was removed, so obviously you are wrong.

      1. Craig 2
        Trollface

        “Even more evidence that the walled garden doesn't so anything but let Apple assert control”

        The app was removed, so obviously you are wrong.

        Well the app wasn't removed until reaching at least this news outlet who then emailed Apple, after which it was removed.

        So obviously and more importantly demonstrably, you're wrong.

    2. werdsmith Silver badge

      Found an app at the weekend that promised to show location of cell towers on a map.

      A couple of tries and it was obvious that is was just randomising the locations. Put a 5G Three mast in my back garden. But where a mast should have been (because I can physically see it) there was nothing.

  4. ChoHag Silver badge

    > while we didn't receive a response, the app's URL stopped working and the application disappeared from App Store search results on an iPhone within a few minutes of our email

    I just wanted to quote that for hilarity.

  5. Zibob Silver badge

    So much for the AppStore safety claims

    I really hope this and other examples are brought up in the on going "make apple open the phone to others" cases happening.

    The main point apple always fall back on is the the app store means safety. Well that's demonstrably and repeatedly false.

    I don't really expect law makers to actually read relevant news about the thing the a working on. But this is a serious win for them if they see it.

  6. PhoenixKebab
    FAIL

    Confusing developer name on the Apple store

    "There's also the developer name, which in LastPass' case should be "LogMeIn, Inc.," not a random person. "

    NO! It should be "GoTo Technologies USA, Inc.", which is used on the Google app store. This is current name of the organisation, and has been for 2 years, not the old name that the Apple store uses. I assume there's either a hefty fee, or it is a lot of aggravation to change the developer name with Apple.

    It's one thing to say the user should check the application is from the right company, but that is incredibly hard when the company does not use their current name on the Apple store!

    Also there are two types of users of password managers, those who are technical enough to check the details before installing, and those that were advised by someone technical that they should be using a password manager. Family members or friends of techies are less likely to check the details before downloading, and are most likely to be tricked by these fakes. If it has a close-enough name and icon, that must be the right one.

    1. gnasher729 Silver badge

      Re: Confusing developer name on the Apple store

      Changing your name on the AppStore is a bit of a pain. Basically every developer has an identity. Three years ago you bought “LastPass by xyz”. So apple allows you to download newer versions of “LastPass by xyz”. “LastPass by abc” would be a different app. It couldn’t access data created by “LastPass by xyz”. It couldn’t communicate with “other app by xyz”. So a bit painful and hard to test.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like