Cloud

Apple reports on its forever war against App Store fraud – Computerworld



What risks exist as third-party stores open in Europe?

As the first third-party iOS App Stores prepare to open for business in the EU, Apple’s report must be seen as a checklist for protection. Not only should alternative stores invest in robust monitoring against such attacks, but would-be customers must review what protections exist before sharing payment or any other details with them.

People using these stores will need to protect system security against malware and must also take the time to ensure any apps they do install are what they say they are. For example, we all know the market for people’s private data is vast. Apple has sung a mostly solo song about this and has made major investments to protect customer privacy and explain why it matters. 

There’s quite clearly a market in grabbing your data. And given that not every App Store is like the other, customers will need to check each store’s privacy policy to ensure it is in line with what they expect. That’s particularly true since the Federal Trade Commission received roughly 1 million reports of identity theft last year.

Attackers are smart and sophisticated

The sophistication of attacks is also a matter of concern, particularly following a recent SonicWall Capture Labs report that explains how Android users face a scourge of malware-infested imposter apps — apps that pretend to be legitimate apps like Instagram, but are in fact socially engineered attacks.

Apple notes similar attempts. It said its teams have prevented some attempts in which fraudsters try to distribute what seem to be completely harmless puzzle apps that, once approved, actually turn out to be something completely different, including illegal gambling and predatory loans.

Perhaps more frightening, particularly to less-experienced users, Apple said its App Store fraud teams have encountered financial service apps “involved in complex and malicious social engineering efforts designed to defraud users, including apps impersonating known services to facilitate phishing campaigns and that provided fraudulent financial and investment services.” 



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.