Fake Retail Apps Are Flooding The iOS App Store

Apps which resemble those of Nordstrom, Zappos and others are stealing cash from unsuspecting consumers

Illustration: Diana Quach
Nov 08, 2016 at 3:04 PM ET

Hundreds of rogue apps from Chinese developers have laid siege to the iOS App Store over the last few weeks, fronting as the real deal for retailers like Foot Locker and Nike. But instead of delivering desired goods to consumers, they’re serving up junk pop-up ads, malware, fake deals, and interfaces to steal credit card numbers and other personal info, according to the New York Times.

“We’re seeing a barrage of fake apps,” Chris Mason of app company Branding Brand told the Times, noting it was the first time the company had seen so many in a short window. It has spotted fake apps posing as Foot Locker, New Balance, Famous Footwear, Overstock, Nordstrom, Polyvore, Zappos, Jimmy Choo, Salvatore Ferragamo, Christian Dior, Dillard’s, Kroger, Dollar Tree, Nike, and more. The New York Post discovered fake apps for Michael Kors and Coach offering steep, fake discounts.

Sometimes the apps are named very closely to the real deal but not quite, such as the Foot Locker app that’s called “Foot Locke,” or the Kroger app called “The Kroger.” Others use sloppy English or crash before you can make a “purchase.” But unless you are really scrutinizing, the logos and descriptions on many of the apps seem official enough, and thousands of them have already been downloaded. Adding to the confusion is the fact that many of the apps use Apple’s paid ads to rise in search results and appear more legit.

While Mason notes that the apps pushing junk ads are probably harmless, others could inflict real damage on unsuspecting shoppers eager for a good holiday deal by prompting for Facebook logins and credit cards and instead planting malware that locks phones and demands a ransom.

Though Apple’s app-approval process is meant to weed out sketchy apps, these fake apps still managed to sneak through. “In practice, however, Apple focuses more on blocking malicious software and does not routinely examine the thousands of apps submitted to the iTunes store every day to see if they are legitimately associated with the brand names listed on them,” the Times writes.

This means the real burden of discovery falls on the brands to monitor for lookalikes themselves, or consumers to remain ever vigilant about determining which apps look like the real deal.
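A sketch of what that brand-side monitoring can look like, written for this page as an added example rather than taken from Branding Brand, Apple or the Times: it flags store listings whose name is a near match for a protected brand but whose seller is not the brand's own. The seller IDs, the sample listings and the distance threshold are constructed assumptions; only the names “Foot Locke” and “The Kroger” come from the article.

```python
import re

# Constructed registry: protected brand name -> the brand's own seller ID (placeholder values).
OFFICIAL = {"Foot Locker": "seller-footlocker", "Kroger": "seller-kroger"}
FILLER = {"the", "app", "official", "store", "shop"}  # words impostors add or drop

def normalize(name):
    """Lowercase, strip punctuation and filler words, join the rest."""
    words = re.sub(r"[^a-z0-9 ]", "", name.lower()).split()
    return "".join(w for w in words if w not in FILLER)

def edit_distance(a, b):
    """Levenshtein distance via a rolling dynamic-programming row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def impersonated_brand(listing_name, seller_id):
    """Return the brand a listing appears to imitate, or None."""
    candidate = normalize(listing_name)
    for brand, owner in OFFICIAL.items():
        target = normalize(brand)
        # Allow roughly one edit per five characters, and catch "brand + extra words".
        near = edit_distance(candidate, target) <= max(1, len(target) // 5)
        if (near or target in candidate) and seller_id != owner:
            return brand
    return None

def scan(listings):
    """Map each suspicious listing name to the brand it resembles."""
    hits = {}
    for name, seller in listings:
        brand = impersonated_brand(name, seller)
        if brand:
            hits[name] = brand
    return hits

# Constructed sample listings (name, seller ID).
SAMPLE = [("Foot Locke", "seller-unknown-1"), ("The Kroger", "seller-unknown-2"),
          ("Foot Locker", "seller-footlocker"), ("Weather Clock", "seller-unknown-3")]

if __name__ == "__main__":
    for name, brand in scan(SAMPLE).items():
        print(f"review: '{name}' resembles '{brand}' but is not from its seller")
```

A name match alone is only a signal for manual review; the seller comparison is what separates the brand's own listing from a lookalike.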

The Times and Post reports prompted Apple to remove hundreds of the fake apps already, and an Apple spokesperson told the Times they would “continue to be vigilant about looking for apps that might put our users at risk.” But more fake apps are still popping up every day, which means currently, the whole thing still amounts to “a game of Whac-a-Mole,” Mason said.