Apple bills its App Store as “the world’s most trusted marketplace for apps.”

Last month, Phillipe Christodoulou downloaded an innocuous-looking app from Apple’s (NASDAQ: AAPL) App Store. The app, titled Trezor, and which he found on the App Store after a search, was highly rated with nearly five stars. The app was the namesake of the maker of a hardware device on which Christodoulou stored his bitcoin. All he wanted to do was check his bitcoin balance. But the app was fake and cleaned out his 17.1 bitcoins the moment he logged in crypto keys. (The Washington Post).

Life savings lost

The fake app cost Christodoulou about $600,000, the value of the bitcoins at the time of the incident. They have now valued over a million dollars at today’s prices of bitcoin.

The question is how the perpetrators managed to get their fake app past Apple’s vetting procedures and post it to the App Store.

Apple proudly claims its App Store is “the world’s most trusted marketplace for apps,” and charges a fat 15-30% commission on all sales from the listed app which also goes to funding its curation and vetting of apps on the store.

The hapless Christodoulou is miffed more with Apple than the criminals who store his life’s savings. “They betrayed the trust that I had in them,” he said in an interview. “Apple doesn’t deserve to get away with this.”

“Apple frequently pushes myths about user privacy and security as a shield against its anti-competitive App Store practices,” said Meghan DiMuzio, executive director of the Coalition for App Fairness, which was formed to fight Apple’s power over its App Store. “The truth is, Apple’s security ‘standards’ are inconsistently applied across apps and only enforced when it benefits Apple.”

Masquerading Trezor

The device Christodoulou was using was manufactured by Trezor, a reputed manufacturer of hardware wallets commonly used to store crypto assets offline.

Trezor has not developed an app, but it says bad actors created fakes and uploaded them to the Google Play Store in December and on Apple’s App Store in January.

The company reported the fakes to the app stores and they were removed.

However, the app that victimized Christodoulou used all the Trezor logos and branding, claimed it was a cryptography app at the time of its review. The criminals even assured Apple the app was now involved in any cryptocurrency. Apple cleared the app and it appeared on the Store on January 22. It remained there till at least February 3.

Christodoulou logged in and was hacked on February 1.

He is yet to hear from Apple.

Related Story:  The Biggest Hack in Twitter’s History Nets Scammers $120K