Use Apple’s App Store at your own risk


In summary:
- Macworld reports that Apple’s App Store is rife with scams, including a fake Ledger Live app that drained $9.5 million from crypto wallets and affected more than 50 victims.
- Rewards app Freecash was banned for collecting sensitive user data after promising payment for TikTok scrolling, remaining available for two weeks before it was removed.
- These incidents reveal serious flaws in Apple’s vetting procedures, undermining the App Store’s promise to deliver legitimate and safe software to users.
Apple’s app enforcement procedures are in the spotlight this week, as not one but two news reports demonstrate the serious consequences of what appears to be a troubling and lackadaisical approach from the Cupertino-based company.
Case Study 1: “Ledger Live”
On Tuesday, crypto news site CoinDesk reported on a week-long phishing campaign based on the use of a cloned Mac application. Financial hackers created a clone app called Ledger Live, using the old name of a legitimate wallet app for iOS and macOS, and managed to get it accepted by the Mac App Store. Users of this app were asked to enter recovery phrases, and those who did so saw their wallets completely emptied. CoinDesk says the scam affected more than 50 victims and resulted in the loss of at least $9.5 million worth of Bitcoin, Ether and other cryptocurrencies.
One victim, a musician named G. Love, expressed his frustration on X. “I had a really rough day today,” he wrote. “I lost my retirement fund… All my BTC [Bitcoin] gone in an instant.” He then clarified that his losses amounted to 5.9 BTC, which at current valuations is worth almost $75,000.
For most of us, such a loss would be devastating. But the unluckiest victims were hit much harder. ZachXBT reports that the three biggest individual losses were worth $2 million, $2.1 million, and $3.2 million, respectively.
The app has now been removed from the App Store, but victims and commenters are wondering how the software managed to pass Apple’s verification process in the first place. It’s also unclear how the fake app remained on the store for a fortnight, apparently taking people’s money for the entire second week of that period, before the company took action. ZachXBT has even floated the idea of a class action lawsuit, although at this point it remains speculation.
Case Study 2: Freecash
With unfortunate timing, news of this scam was announced the same week as the Freecash ban, as reported by TechCrunch, Macworld’s sister site. In its ads, Freecash offered to pay users to scroll on TikTok, but that was only a thin veil over its real goal: harvesting sensitive data. By installing and running the app, users gave up data on everything from their religion to their sexual orientation, which the creators happily sold to third parties.
Many free apps rely on a data collection business model, and such practices are not in themselves illegal or against the App Store’s terms and conditions. But critics complained that Freecash harvested data in a manipulative and misleading manner. In January, Wired reported that the app used deceptive marketing techniques (the app’s creators deny the allegation, stating that “our apps are fully compliant with Apple App Store and Google Play Store policies, as demonstrated by the fact that they are live and regularly reviewed on the platform”), and TikTok banned some of its ads. But it wasn’t until this week — shortly after being contacted by TechCrunch, perhaps coincidentally — that Apple finally pulled the app.
This decision seems to indicate that Freecash does not meet the standards of the Apple App Store, contrary to the protests of its creators. (The Android app still shows up in Google Search, but the URL it links to no longer works. Presumably, it has also been removed from Google Play.) But again, it’s unclear why Apple’s verification team wasn’t able to spot this gap before welcoming the app to the company’s official storefront, or why it took so long to take action against an app whose darker practices had been highlighted by journalists months before.
Rotten at the Store: The Wider Story
I should point out here that the main reason I discuss these two cases in the same article is that the stories were published in the same week. Each, in its own way, reflects poorly on Apple’s control procedures, but that does not mean they are equivalent cases of misconduct. The first case study above is simple theft, while the second is more complicated: an ethically questionable developer choosing to push the boundaries of what is and is not allowed for personal gain. The principle is the same, but the offenders are not.
Two facts unite these two applications. First, Apple allowed them access to the App Store when it absolutely should not have done so. Second, when problems arose, it let them stay there and carry on their business for longer than it needed to. And that raises major concerns about how the App Store is managed and the logic behind Apple’s management of the app market on its products.
After all, the purpose of the App Store is to give Apple device owners confidence that the software they install is legitimate and won’t cause any problems. Craig Federighi claimed that sideloading, or installing applications through unofficial means, is a cybercriminal’s best friend. But what are customers supposed to think when even officially licensed software has the potential to steal their secrets and money? How is the official store better than buying it (probably at a lower price) directly from the developer? What does monitoring really involve, other than malware scanning and the relentless exchange of bank details? What does the App Store provide at this point, other than a helping hand?
This week has been particularly bad, but stories like this are no longer a surprise. The App Store of 2026 is full of filth, scams, and clones, supported by an ecosystem of fake reviews pushing unworthy apps to the top of the rankings. Phil Schiller was complaining about “crazy” scam apps 14 years ago, and to the casual eye, it’s hard to see that things have improved.
Reports in recent years have identified everything from polar VPNs to exploitative knockoffs of popular games. Search is broken, highlighting apps blatantly designed to trick you into clicking the wrong thing; selling ads here doesn’t help matters. So-called trash apps are essentially a license to print money.
In other words, the App Store sucks. And whatever Apple’s app verification procedure is, it doesn’t work. This perhaps reflects the scale of the work. At last count, there were around two million iOS apps on the store, which over its 18-year history equates to around 9,000 per month. Factor in the acceleration over time, not to mention all the other apps that were verified once but have since been removed because the developers stopped updating them, and that’s a lot of verification, even for a well-resourced company.
But is that an excuse? Not really. If running an app store is too much trouble, close it. If full verification isn’t practical, stop pretending the App Store is completely safe. (And definitely stop freaking out about sideloading.) If you can’t make the App Store a truly trusted resource for quality, safe, and legitimate software, give iPhone users the freedom to install from other places. Or just stop pretending that the App Store monopoly is about anything other than revenue.

