Whenever there’s a security breach or even just the possibility of one, we now want to know about it. Why? Because we are concerned that maybe our data isn’t secure with that particular app or service. And rightfully so. When I see companies putting their flaws out there – like Facebook did last week – I admire the fact that the company is taking responsibility for their actions. Even if it wasn’t entirely their fault. What I don’t like to see is when a company quietly addresses the issue but doesn’t let its users know about it. And that’s what Apple has done this week. I’m not normally one to criticize Apple, but in this case, I think they should have been more forthcoming. They have quietly removed an allegedly malicious cryptocurrency wallet from the App Store. This follows numerous complaints from users.
I don’t take issue with the fact that they removed the wallet from the App Store, I take issue with the fact that they didn’t really let people know that this was happening. As I said in my previous paragraph, these kinds of things aren’t always the fault of the company who is being attacked. Yes, they do have a huge role to play and they certainly should be taking responsibility, but it’s not always their fault. You might also notice that I criticize Facebook a lot for this and it’s because they continue to do shady things. So, of course, we are going to notice that it’s not all on the up and up and as a result, not really trust them.
That said, the app that’s been removed EOSIO Wallet Explorer was flagged after two popular YouTube personalities – the Hodgetwins – posted a video blaming the app for taking their tokens. In it, the YouTubers explained that 1,500 EOS ($8,500) were surreptitiously transferred out of their wallet – without their consent or knowledge – not long after using the app. What’s not clear is how many users have fallen victim to this allegedly malicious wallet. And there is no information on how many people downloaded the app – since Apple doesn’t make this kind of information available to the public.
What we do know is that the shady wallet solution remained on the App Store for nearly three months following its launch – in spite of repeated complaints from users. This is where I will put the blame on Apple. They received complaints, they knew about the issues and yet they still didn’t do anything to remove the app.
I honestly think that its Apple (or Google’s) responsibility to make sure that the apps in their stores are on the up and up. This isn’t to say that Apple is responsible for all the apps, but they’re certainly responsible for the ones that are malicious or fraudulent in any way. Maybe that means stricter guidelines about which apps can and can’t be posted? I’m not really sure that I have the answer, but they do have some work to do on this front. Further, you as a potential user need to do some background checks before trusting software providers – especially with money. There is always a risk that attackers will try to get to your money, even if that app is found on the official App Store.