Apple is being sued yet again for damages resulting from an allegedly fake scam app available in its App Store, this time involving cryptocurrency.
In a class-action complaint filed on Thursday, the named plaintiff – Maryland resident Hadona Diep, described as a “full-time cyber-security IT professional” – accused Apple of knowingly “authorizing a malicious application” in its App Store that caused Diep to lose 474 XRP tokens, worth about $507 at the time of publication.
According to the complaint, the fraudulent app, a spoof of the legitimate Toast Wallet called Toast Plus, was used to steal Diep’s seed phrase and all of the tokens in the fake wallet. The complaint alleges that “hundreds or thousands” of users were victims of the Toast Plus scam app and that over $5 million in cryptocurrency was stolen.
The class-action lawsuit against Apple is the latest in a series of suits targeting Apple’s $64 billion App Store. Apple has defended its “walled-garden” approach by saying that it keeps users safe by preventing scams and viruses from being unknowingly downloaded – a claim that has been called into question by Diep’s lawsuit and others, including one from the developer of the FlickType app.
Critics of the App Store have also accused it of being an unfair monopoly, the debate at the center of the Apple vs. Epic Games lawsuit. Diep’s lawsuit also calls out Apple’s “near-monopolistic application market,” claiming that Apple must “take reasonable precautions to ensure that the goods it provides are reasonably safe and secure.”
Apple did not respond to CoinDesk’s request for comment on the lawsuit.
Scam Apps Are Rampant
Apple has seemingly struggled to keep the quickly proliferating scam apps out of its App Store, causing damage to both businesses and consumers.
Julie Conroy, head of risk insights and advisory at research and advisory firm Aite-Novarica Group, told CoinDesk that the battle against fake apps is nothing new.
“Attackers have been using very sophisticated tactics for years to dupe unwitting consumers into downloading fake apps from the app stores in order to deploy malware and compromise credentials,” Conroy wrote in an email to CoinDesk.
“While the app stores do have review processes in place to try to detect these, fraudsters have developed some ingenious ways to avoid detection,” Conroy added.
Conroy also wrote that consumer education has been a key component of the defensive strategy taken by financial institutions to protect consumers, but that such education can be challenging to deploy and measure because consumers are inundated with messages from various sources about cybersecurity.