I get that I've failed to vet the app but honestly, how does a scam app become the #1 organic search result (not promoted) in the app store, topping binance, blockchain.com, and coinbase?
EDIT: linking to a screen recording that includes this post and comments of no repro:
Before removing the app - https://streamable.com/q2mulu
After removing the app - https://streamable.com/y5nhy7
just tried it
- my bank? I get crypto.com
- train company app? knockoff app that charges extra fees
- my broker? CFD gambling app
- official government app for paying my tax? intuit product
I dare to think how many people this lures in.
Scammy ads plastered everywhere is what I'd expect from Google products, not for the Apple equivalent that commands a significant price premium.
This won’t fit with the manufactured popular understanding, but at the current time, Google protects you from fraud and scam better than anyone.
I have been unfortunate enough to be scammed recently from a bing search result (ad). (It was a new computer and I decided to use Edge and bing was the default search).
Apple, Microsoft etc. are rookies in this game. Google just has the benefit of experience and hence is much safer now than anyone can ever become in the near future. Because of this, scammers are much more likely to target other platforms… which happen to be Apple, Bing, Facebook etc.
I have to disagree. Czech Youtube is currently full of scam ads with photos (and sometimes even bad deepfakes) of Czech president and other public figures, supposedly endorsing some investment product that yields you like 50% profit. I keep reporting these, and I know some people who do too, but ~80% of those reports get handled as "we determined no violation of our rules".
- Around a lot of things software, including the Play Store, Google’s safety and security, for all its ads, tracking and shenanigans, are real, largely verifiable, discussed openly, and pretty fucking robust (not to mention, most of it are actually open).
- Apple’s? Smoke and mirrors! Essentially some vague shit which often ludicrously boils down to Safest Shit Ever On an iPhone™ (and doesn’t go further than that) and never discussed or even offered a glimpse of.
In fact, I just used all your searches on Google play and got
- my bank
- the train company app
- my broker
- hmrc
The next 4 or 5 in each case were also legit. Maybe this is really something to be aware of if switching to apple? Certainly would not have been something I would have been expecting from apple (though I am pretty careful about vetting apps).
What is CFD gambling? When I read “CFD” I always think of computational fluid dynamics and so “CFD gambling” sounds pretty cool to me. Obviously I do know I’m just overfitting to a TLA and I’d like to know what it actually means.
Everyone should be better than that, but as far as Apple specifically, they're really no better than any other hypermegacorp. Apple's a company, it doesn't give a damn about you, it only gives a damn about enriching its owners.
If you’re curious, Four’s description is “Shop Now, Pay Later.”
in this case: extremely short term highly leveraged bets
- Spotify -> Deezer
- Uber -> Heetch
- UberEats -> Deliveroo
- Deliveroo -> Ubereats
- My bank -> crypto.com
I have no idea why Apple allows buying trademarks/full app names as an ad keyword. Perfect matches should always have the app first, not an ad.
Is there something in the AppStore rules that prevent apps from buying the keyword ad for their own app?
Because unlike a regular search query, app store searches tend to be for app names, which are unique. Advertisers won't be interested unless bidding on brand names were allowed.
I won't search the App Store anymore. I go to the web site for the app I want and get the App Store link that way.
I wish the App Store listings would specify the domain of the entity they come from in plain text, backed by a validation method similar to what we do for TLS certs.
For me on apple UK app store:
my bank - Ad: another legit bank. First result: my bank
Train company - Ad: a generic legit train booking app. First result: the train company
My broker - Ad: another broker. First result: my broker
Official government app for paying my tax - ad: a general tax app. First result: government app.
It stands to reason that they won't show an ad for the thing you're searching when it's the first organic result so I don't find this surprising.
[1] I have two and tried both. Results were the same with a different legit bank as the ad each time.
I would also expect products with premium pricing to not contain ads.
I don't think 'gambling app' is a fair description given it's a regulated security, any broker that truly offers CFD trading is (1) going to be legit; (2) going to be competing with the broker you were searching for for result space.
Of course to serve its users any app store should massively prioritise the word/brand (incl. typos) you actually search for though.
Er, no. "Contracts for Difference" are the new binary options.
They're in the category that, while they theoretically can be used by skilled investors, anyone offering them to retail punters is up to no good. Because those punters are going to lose money to them hand over fist.
It’s cool to crap on Apple and all these days but this is all categorically false. What you are referring to is the Ad on the top of the page. It’s clearly labeled as ad and has a light blue box around the whole ad.
I tried all those things you mentioned and the first result after the clearly labeled ad is what I searched for.
> - my bank? I get crypto.com
Although crypto.com is not a bank, they seem like a legit business and not a scam. Many people are using crypto.com: I know one person who has one such card and I asked a waiter if he had already seen cards like that (waiters get to see many credit/debit cards a day) and he answered me that they weren't that uncommon.
> - official government app for paying my tax? intuit product
They may be using shady tactics but they are not a scam.
Schiller, an Apple veteran who once ran its marketing machine, said the moves to break the company’s closed ecosystem for software will undermine the privacy and security the company has worked to build into its products and services. “This isn’t our first choice,” he said. “We always want to have the highest standard everywhere in the world but we also have the requirement to meet the legal requirements in the local markets. “In the App Store we have a lot of signals that we are looking for every day to find scams and stop them,” Schiller said. “With these new marketplaces we won’t have visibility into those issues.”
Right.
https://files.mastodon.social/media_attachments/files/111/95...
Same is now happening with iOS sideloading, instead of robust antimalware based on heuristics and app behavior (like Google Play Protect), they'll keep relying on blunt instruments like notarization. Doubt it'll keep users safer. Maybe it's NIH syndrome?
Perhaps they let this one slip through because their team was too busy dragging out the review process for our cannabis compliance application, they can only afford so many reviewers after all. We wouldn't want children accidentally getting their hands on regulatory compliance data for deadly deadly cannabis. (which could happen with our application, after they had signed up and verified their agency cannabis license (which only takes many months/years and $$$$$s to get))
But, even at this stage, Apple is still “the best”, because of the slower pace of the corruption and in comparison to the toxic dumpster fire of the alternatives.
Android and Windows are spyware/malware masquerading as OSs.
On Apple though, you don't have anything other the App store. That's something to consider. On Android, you have the chance to install F-Droid for example.
My theory is, they paid for an Ad in a specific region and hence it started showing on top, people started downloading in that region, and that boosted the overall ranking for that app and hence people from other regions are seeing it among top results, even though it's not an Ad there. Irrespective of the rating or freshness of the app, since it is getting downloaded in one region (because it is an Ad there), automatically it goes to top in other regions.
This trick can be used by other apps also, considering it would be cheaper to buy the top Ad spot in India and then it organically rises to the top.
The researchers who conducted the report found that retail giants such as Amazon, American Airlines, Lego, Pizza Hut, and Samsung were all victims of identity fraud within Google Search Ads.
Here's a Google SERP for "Facebook" which shows Facebook as the URL, redirects to an Apple security scam: https://youtube.com/shorts/gTEuqXYAp58?si=lzFV9mfX31_8nzd1
Google even vouches for the advertiser:
https://twitter.com/leanmediaorg/status/1724467969344905534/...
But hold on a sec. Is this verified by others? The guy in the video cuts to a screenshot, which doesn’t show the resulting url or how he got there, so it’s hard to tell what happened.
Google vouches that the advertiser is who he says he is. Google is not vouching for the reputation of the advertiser.
It's possible that it's just because it was literally called "Bitcoin Wallet", an exact match for your search, or boosted by fake reviews, or it was actually an ad that you didn't notice. Though it shouldn't have gotten past review at all.
But I don't really understand why you'd blindly trust some random app?
Also, would be interesting to take a look at the app, sadly know nothing about ios apps or how to get the IPA, only android.
The question is why is the scam app the #1 organic search result? For a new app with such scammy reviews and questionable metadata I would expect it to be #30 in the list. For context, the app store reports the scam app as #85 in all finance apps.
The real answer is that this has been happening for years. You can pay companies to pump up your app to the top of App Store search results or "app categories" lists, and they'll have farms of iPhones/Androids downloading apps to pump up their rank, and giving them 5 star reviews.
There have also been repeated problems with copycat apps that impersonate real indie apps (and sometimes end up earning more than the real app), which should have been a warning sign of the problems of App Review. Google "app store copycat" and you'll see.
Perhaps because Apple claims their apps go through a review process, and one would hope this would have failed that process? That's what Apple claims the value proposition of their 30% cut and closed platform are.
To be fair many crypto wallet apps are deceptively simple applications.
I have only 1 other app of this variety on my phone currently and haven’t used it or searched for anything crypto related including months.
Then I figured a legit apple app could generate a wallet and I could transfer the bitcoin between them. Which is what I did. The apple app indeed received it and promptly sent it off somewhere else. What's even crazier is that the apple app shows this info! You'd expect the scammer to hide the scam but I suppose it just made it easier to pass the app store inspection.
Did you try moving the crypto back to your Android wallet? Sometimes they do move to cold storage, or invest into DeFi schemes. It will be hidden in their T&C.
I think there are ~ 3m apps available right now. Apple is the only place (currently) to sell apps, or buy apps. They interpose themselves, and do a poor job of things. How can a buyer make his apps visible? How can a seller find anything?
There should not only be more app stores, there should be markets and communities and personal apps.
It sounds like somebody is burning developer accounts to keep reposting the scam app. Not unlike people being banned from a website and then resubscribing with a different email or through a VPN or whatever. It slipping through into your results isn't so much plain neglect as it is an arms race that Apple is on the losing side of this time.
Robust algorithmic ranking and moderation at scale is a myth, though, and you can find this happen pretty much everywhere. This one will probably get squashed with some near-term update to their algorithm, and then get compromised again sometime later since crypto is so ripe for scamming.
You can't escape personal due diligence and "it was top ranked!" has never been that.
Apple continually makes claims that the closed ecosystem is essential to the safety of their customers, that they have a robust review process, and that their customers choose them because of the safety they provide. Apple should stop repeating these claims if they are not, in fact, reliable protection against scams.
> You can't escape personal due diligence and "it was top ranked!" has never been that.
On one hand that's a fair point and I should've known better. OTOH I think it is legit to trust top app store search results to return quality apps, especially if there is a massive disparity between their quality. The scam app has obvious repetitive spam reviews. The developer's website is terrible and the submit button doesn't even work. This is basic quality control on apple's part. If every single app store user needs to manually vet every single app they install to the proper extent there would be a fraction of a fraction of the installs and respectively, a fraction of a fraction of the revenue.
Consider the extent of lawsuits between apple and companies with app store apps - does it not strike you that apple protects that revenue stream? Wouldn't it make sense to give app store users a sense of trust in the top search results?
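The comment above points at two signals a store operator (or a cautious user) could check before trusting a top-ranked listing: repetitive, near-identical review text and bursts of five-star reviews arriving within minutes of each other. The following is an added example, not code from the thread or from Apple, showing one way to screen a review feed for both patterns. The review data is constructed for the demonstration, the 2-gram Jaccard threshold of 0.5 and the five-minute burst window are assumed tuning values, and the clustering uses a plain union-find over pairwise similarities.

```python
"""Heuristic screen for review-farm patterns in an app's review feed.

Added example (not from the thread). Flags (a) near-duplicate review text
across different accounts and (b) bursts of 5-star reviews posted within a
short window, two signals commenters associate with bot-inflated listings.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import combinations

# Constructed sample reviews: (author, rating, ISO timestamp, text).
SAMPLE_REVIEWS = [
    ("user_a1", 5, "2024-02-10T09:00:05", "Best wallet app ever! Fast and secure, highly recommend!!!"),
    ("user_b2", 5, "2024-02-10T09:00:41", "Best wallet app ever. Fast and secure, highly recommend!"),
    ("user_c3", 5, "2024-02-10T09:01:17", "best wallet app ever fast & secure highly recommend"),
    ("user_d4", 5, "2024-02-10T09:02:02", "Best wallet app ever!! Fast and secure highly recommend"),
    ("user_e5", 5, "2024-02-10T09:03:30", "Great app, fast and secure, recommend to everyone"),
    ("longtime_user", 2, "2024-01-03T18:22:10", "Sync broke after the last update and support never replied."),
    ("anon_77", 1, "2024-02-11T21:05:00", "Sent coins in and they were forwarded out to another address within minutes. Stay away."),
]


def normalize(text):
    """Lowercase and keep only alphanumeric tokens, so punctuation tricks do not defeat matching."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(tokens, k=2):
    """Set of word k-grams; short texts fall back to a single shingle."""
    if len(tokens) < k:
        return {tuple(tokens)}
    return {tuple(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}


def jaccard(a, b):
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def duplicate_clusters(reviews, threshold=0.5):
    """Group reviews whose 2-gram Jaccard similarity reaches the threshold.
    Union-find makes the grouping transitive. Returns sorted clusters of indices with >1 member."""
    n = len(reviews)
    parent = list(range(n))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    sh = [shingles(normalize(r[3])) for r in reviews]
    for i, j in combinations(range(n), 2):
        if jaccard(sh[i], sh[j]) >= threshold:
            parent[find(i)] = find(j)
    groups = defaultdict(list)
    for i in range(n):
        groups[find(i)].append(i)
    return sorted(g for g in groups.values() if len(g) > 1)


def rating_bursts(reviews, window=timedelta(minutes=5), min_count=3, rating=5):
    """Sliding window over time-sorted reviews with the given rating.
    Returns lists of indices where at least min_count such reviews land inside one window."""
    idx = sorted((i for i, r in enumerate(reviews) if r[1] == rating), key=lambda i: reviews[i][2])
    times = [datetime.fromisoformat(reviews[i][2]) for i in idx]
    bursts, start = [], 0
    for end in range(len(idx)):
        while times[end] - times[start] > window:
            start += 1
        if end - start + 1 >= min_count:
            burst = idx[start:end + 1]
            if bursts and set(burst) & set(bursts[-1]):
                bursts[-1] = sorted(set(bursts[-1]) | set(burst))  # merge overlapping windows
            else:
                bursts.append(burst)
    return bursts


def screen_reviews(reviews):
    """Combine both signals into a report; `flagged` is the union of suspicious indices."""
    clusters = duplicate_clusters(reviews)
    bursts = rating_bursts(reviews)
    flagged = sorted({i for c in clusters for i in c} | {i for b in bursts for i in b})
    return {
        "duplicate_clusters": clusters,
        "rating_bursts": bursts,
        "flagged": flagged,
        "flagged_fraction": len(flagged) / len(reviews) if reviews else 0.0,
    }


if __name__ == "__main__":
    for key, value in screen_reviews(SAMPLE_REVIEWS).items():
        print(f"{key}: {value}")
```

On the constructed feed, the four reworded "best wallet app ever" reviews cluster together even though punctuation and an ampersand differ, and all five 5-star reviews fall into one burst, while the two genuine-looking complaints are left alone. A real deployment would add account-age and device-fingerprint features, but the two heuristics here are enough to show why a listing with this review profile should not inherit the trust that a top search rank implies.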
Mistake #1 : switching to an even more closed computing environment, where user has strictly no control
> android
Mistake #2 : running on a tech. stack you do not control: closed-source, walled-garden
> wallet
Mistake #3 : using a wallet instead of your own private cold storage to hold any kind of significant amounts of money
> but its still up there, #1 search result.
Mistake #4 : trusting that Apple is making huge efforts to secure their environment.
In the same vein as "not your keys, not your coins" :
- "trust the vendor, not your coins"
- "not your hardware, not your coins"
- "not your operating system, not your coins"
- "not your key management software, not your coins"
- "not open source and therefore not auditable, not your coins"
I've been with Google Nexus and Pixels for many years, roughly starting with the Nexus One. Ironically, I switched from an iphone 3GS at the time that I owned for a few months.
After many years of being on windows, then linux, then Mac, then back to linux, now back to Mac with linux on ssh, my conclusion is that user control doesn't necessarily mean a better user experience. A closed computing environment allows for consistency and sturdiness. When you start looking at your phone as a device, rather than as a computer, it becomes obvious.
> Mistake #2 : running on a tech. stack you do not control: closed-source, walled-garden
I don't control android in any way. I could read its source code if I really, really wanted to but why would I? I want a product. A device. Would you read the source code of your washing machine? Dish washer? At some point you want to live your life and stop reading anything and everything as if you actually have enough time to tinker with all of it.
> Mistake #3 : using a wallet instead of your own private cold storage to hold any kind of significant amounts of money
Meh. 'Significant amounts of money' is subjective. Some would say the amount of money I lost would be a life changer, some would shrug it off as a yearly bonus on the lower end of the scale. Fact is, I had my bitcoin on some version of a pixel for roughly 7 years and never had a problem.
> Mistake #4 : trusting that Apple is making huge efforts to secure their environment.
They made a huge effort to secure their hardware; it's some of the best in the world. The thing is they put a ton of focus on hardware security but hardly enough on software / service stuff. In this case, the app store search was compromised by some bots leaving reviews.
Your general theme seems to rely on having access to open source on all levels leads to more security.
This is patently false. For example, the vast majority of smartphones use baseband processors that are not just closed source with closed source drivers, but the ICs themselves are tightly guarded secrets by their manufacturer (probably Qualcomm). There are probably a dozen or so chips in every smartphone running all sorts of firmware you have no access to. Same goes for computers.
In fact, I would argue that Apple's model might be the most secure, because they do SoC, which requires they know far more about and have much more control over the inner workings of every sub component.
It's a tragedy for parents who look for games for their kids, 99% scam. That's why Apple Arcade even exists. You can't find any legit games in the normal range $1-$20 one time payment and all features enabled.
To me this shows Apple is past its good phase and deep into the dark phase, where their only purpose is to milk present users of all their worth. Enshittification for profit.
Who would ever use a currency that can just be stolen like this? No way of getting anything back. No security. Slower than a bank transfer now.
So many of them are blatantly scams that it's not credibly "human error".
Apple vets every app through their review team but it’s a shit show of inconsistency.
Apple’s wall garden doesn’t do much other than rent seeking.
I got scammed in an ethereum site back in the day. Wasn’t a big loss but it was the straw that broke camel’s back.
If it was my credit card, I would have been refunded. Coinbase did fuck all, couldn’t even reach a real human.
I sold all my crypto a few months later.
Crypto and stock market move in tandem. Crypto has much higher trading fees. Fidelity gives me zero fees.
From a value investing perspective, crypto was a bad and unsafe investment.
I agree that folks who got in 10 years early made a fortune, but last few years have lackluster growth.
2) Post on Reddit is FUD from competitors (newly created account included). People who transfer C$150k know exactly what to do when they lose money (no, they don't visit /r/Bitcoin to ask "any chance of fund recovery or all gone?"). Don't promote FUD on HN.
Just because an account is newly created does not make their first post FUD. Their story is precisely what happened to me, although for a slightly smaller amount of money.
As for the example - can’t replicate, but seems crazy to put a seed phrase into some random app you didn’t get yourself. Even if the app wasn’t a scam.
It's just people behaving in a certain way, and that being exploited. If people had a different behavior, the exploit would be different too.
What's crazy is that a scam app is the #1 organic search result for 'bitcoin wallet', above blockchain.com and coinbase.
(2) Do you think a legitimate wallet app will engage in the same black-hat SEO tactics a scam app developer will?
You can, since 2021. https://www.theverge.com/2021/10/4/22705405/apple-report-a-p...