this post was submitted on 08 Feb 2024
423 points (99.3% liked)

Technology

59986 readers
2920 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
all 35 comments
sorted by: hot top controversial new old
[–] RanchOnPancakes 131 points 10 months ago (2 children)

YOU ARE PROTECTED IN OUR WALL GARDEN! APPLE USES HAVE NO NEED T- oops, anyway YOU ARE PROTECTED.

[–] [email protected] 10 points 10 months ago

They've actually been responsible for tons of malware over the years. I recall seeing a massive leak back around 2015, and the story was buried by PR so quickly it left me very impressed.

The idea that iOS is in any way, shape, or form more safe than android is 100% PR. The fact Google allows users to override safety measures and install third party apps at their own risk is entirely why they've done this.

If Apple fans realize this is as safe as installing anything else on any computer (including macs), then Apple will have to answer to them. As long as they think they are more protected than android users, however, Apple's MO to take in money remains safe.

[–] [email protected] 81 points 10 months ago (4 children)

How's that walled garden working out?

[–] Ghostalmedia 46 points 10 months ago (1 children)

To be fair, things like this are pretty rare.

The more common experience is that those reviewers are anal as hell reject people for petty stuff. This malware guy lucked out and got the burned out app reviewer who didn’t look twice.

[–] [email protected] 4 points 10 months ago (1 children)

They’re rare but they’re very effective, because people have their guard down there.

[–] Ghostalmedia 5 points 10 months ago

Yeah, but as the poor sap who has been deemed “computer guy” for every elderly parent, aunt and uncle in the family, I think the Play and App Stores do a decent job of keeping malware in check.

It’s not perfect, but about once every year or two I have to put out a malware fire with a Windows laptop in the family. Dealing with the phones is less of a headache. Especially the iOS devices.

I wish iOS made it easier for people like me to remove those guardrails for my own needs, but for my 80 year old parents, I’m all for keeping them living in Apple and Google’s stores.

[–] WhatAmLemmy 24 points 10 months ago

Apple can't hear you over the billions of dollars they're extorting.

[–] Vub 17 points 10 months ago (1 children)

I am surprised this happened, it’s the first case of anything like this that I have heard of. Do you know of any other cases?

[–] [email protected] 26 points 10 months ago (1 children)
[–] Vub 0 points 10 months ago (1 children)

Thanks for the links. I wasn’t aware of those, it sounds like PlayStore level of crapware in those cases, although you have to be REALLY dumb to be fooled by such obvious ones. But if you’re a very technically challenged person I am sure it is possible.

But the case with the LastPass clone is definitely much more malicious.

[–] [email protected] 5 points 10 months ago (1 children)

But if you’re a very technically challenged person I am sure it is possible.

Isn't that Apple's demographic? People get an iPhone or Mac because it just works and they don't have to worry about complexity and choice. Freedom can be paralyzing to people.

[–] Vub -1 points 10 months ago

That’s oversimplifying it quite a lot. Many tech-educated users, developers, IT experts etc use MacOS/iOS. And many users of Android or other OSes have no idea what they are doing. All the large operating systems today are too wide to have a one demographic, they cover it all.

[–] [email protected] 47 points 10 months ago* (last edited 10 months ago) (3 children)

I work at an MSP and while it wasn’t LastPass, when you search “Microsoft Authenticator” in the app store there’s a similar looking Authenticator app that’s also blue, and because it’s an ad it shows up first. Had a user install that and was confused why they weren’t able to get MFA working.

[–] [email protected] 49 points 10 months ago (2 children)

Ah, this one:

It’s by design!

Either buy ads for your own brand…

…or someone else will:

[–] eager_eagle 48 points 10 months ago (2 children)

Ads in these app stores are a fucking cancer. If the search query is an exact match with the app name, the sensible thing to do is make that app always come first. I guess that won't pay the bills though.

[–] [email protected] 24 points 10 months ago

They only take 30%, they need the ads(!!) :’(

[–] IamAnonymous 5 points 10 months ago

I refuse to search in the App Store for this exact reason. Search on Google gives me the direct link to the App in need.

[–] surewhynotlem 8 points 10 months ago

That said, if you're searching for LastPass, getting 1password as a result is better.

[–] BlueLou 27 points 10 months ago* (last edited 10 months ago) (1 children)

I recently ran through an MFA enforcement campaign and had to build that app into my instructions. "Make sure it's the Microsoft authenticator, not the first result in the paid ad slot" because so many people were installing that app. I do deal with pretty low levels of tech savvy, but still.

[–] [email protected] 2 points 10 months ago (1 children)

The word for “savvyness” is “savvy”. It is both an adjective and a noun.

[–] BlueLou 2 points 10 months ago
[–] Merlin404 6 points 10 months ago

Hade a user doing the same thing, orr a couple of users.. apple just works, yeah sure

[–] [email protected] 8 points 10 months ago

This is the best summary I could come up with:


Bad actors could potentially utilize the new regulation to trick consumers into buying subscriptions that are difficult to cancel.

When introducing its plan for DMA compliance, Apple wrote, “The new options for processing payments and downloading apps on iOS open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats.”

What’s more, it’s upsetting to learn that LastPass had to warn customers publicly about a fake app that never should have been published in the first place.

“Our threat intelligence team posted a blog yesterday to raise awareness and help inform the public and our customers of the situation.

We are in direct contact with representatives from Apple, and they have confirmed receipt of our complaints, and we are working through the process to have the fraudulent app removed.”

Hoff added that the company is working with Apple to “understand more broadly how an application like this passed their normally rigorous security and brand protection mechanisms.


The original article contains 684 words, the summary contains 162 words. Saved 76%. I'm a bot and I'm open source!

[–] cheese_greater 6 points 10 months ago (1 children)

Its beyond irresponsible it wasn't pulled the moment the most recent revelations came about. It also made me wonder if Apple "sees" certain fields of your keychain items, in-line with their conflation of convergent encryption as e2ee and other assorted privacy antics

[–] WhatAmLemmy 24 points 10 months ago (2 children)

Why would you assume they "see" certain keychain fields based on the article?

[–] Dran_Arcana 8 points 10 months ago* (last edited 10 months ago)

I'm glad I wasn't the only one wondering that.

[–] [email protected] 2 points 10 months ago

“Because APPLE BAAAD”