Fraudulent malware in the Apple App Store easily passed all Apple's supposed tests

[david]

Apple didn't find it. LastPass did. It easily slipped through whatever
meager (perhaps non existent?) malware tests that Apple supposedly runs.

https://arstechnica.com/security/2024/02/a-password-manager-lastpass-calls-fraudulent-booted-from-app-store/
A password manager LastPass calls fraudulent booted from App Store

As Apple has stepped up its promotion of its App Store as a safer and more
trustworthy source of apps, its operators scrambled Thursday to correct a
major threat to that narrative: a listing that password manager maker
LastPass said was a "fraudulent app impersonating" its brand.

Somehow, Apple's app vetting process-long vaunted even though Apple has
provided few specifics-failed to spot the LastPass lookalike. Apple removed
LassPass Thursday morning, two days, LastPass said, after it flagged the
app to Apple and one day after warning its users the app was fraudulent.

"We are raising this to our customers' attention to avoid potential
confusion and/or loss of personal data," LastPass Senior Principal
Intelligence Analyst Mike Kosak wrote.

A LastPass representative said the company learned of the app on Tuesday
and focused its efforts on getting it removed rather than analyzing its
behavior. Company officials don't have information about precisely what
LassPass did when it was installed or when it first appeared in the App
Store.

Apple representatives didn't respond to an email asking questions about the
incident or its vetting process or policies.

[Alan]

Arlen...


...where does it say that this was "malware"?

Hmmm?

[Alan Browne]

On 2024-02-09 02:43, david wrote:
> Apple didn't find it. LastPass did. It easily slipped through whatever
> meager (perhaps non existent?) malware tests that Apple supposedly runs.

You're miscasting what happened.

This was not malware in the usual sense - just another app that behaved
properly but potentially having a "nasty" side. The nasty side is using
a name similar to LastPass and the potential that it may have been
passing on people's sensitive date/passwords to its mothership.

When you get an app like LastPass or 1Password you are likewise putting
full faith into those developers. These two are well known, legitimate,
safe apps. (I use the latter but am weening off of it for other reasons).

An app called LassPass could theoretically be legitimate and protect
user's data ... but the attempt at a similar name is a bright red flag -
good that Apple remove it - hopefully they remove all apps from that
developer - at least until credibility is established.

When using apps with access to sensitive info, I spend a lot more time
looking for reasons to trust (or distrust) them.

--
“Markets can remain irrational longer than your can remain solvent.”
- John Maynard Keynes.

[Alan Browne]

On 2024-02-09 12:31, Tyrone wrote:
> On Feb 9, 2024 at 9:02:03 AM EST, "Alan Browne" <bitb...@blackhole.com>

> wrote:
>
>> When you get an app like LastPass or 1Password you are likewise putting
>> full faith into those developers. These two are well known, legitimate,
>> safe apps. (I use the latter but am weening off of it for other reasons).
>

> I would never use any of these apps. Storing passwords online just seems
> incredibly foolish to me.

As long as one guards the password to that file (and that password is
not guessable) it is perfectly safe to store it online.

In the first place it is unlikely to be stolen from the online site, and
even if it is, AES-256 encryption is too hard to break in any time less
than many multiple lifetimes of the universe.

>
> My passwords look random, but they have meaning to me and are easy to
> remember. I have no need for online password storage.

That's fine as long as they are not of trivial length and (very
importantly) are unique for every website.

I have far too many to manage that way.

[david]

Using <news:lQtxN.354397$xHn7....@fx14.iad>, Alan Browne wrote:

>> I would never use any of these apps. Storing passwords online just seems
>> incredibly foolish to me.
>
> As long as one guards the password to that file (and that password is
> not guessable) it is perfectly safe to store it online.

Nobody could deny this app easily slipped through Apple's checks and nobody
could deny it took Apple too long to react (at least if you ask the people
whose rather sensitive credit card & password data was apparently already
stolen in that interim where Apple was moribund, according to LastPass).

But on the topic of whether or not it's a good idea to store your sensitive
passwords on an online database which could ask for your credit card
information, there are always going to be pros and cons to the equation.

Many love online password programs, some of which automatically enter
passwords when you attempt a login to a given company (which is nice).

Online passwords are nice for a few other reasons, one of which is you
can't lose them if you lose your device. Another reason online passwords
are nice is all your devices access them anywhere (as long as you have
Internet access anyways). There's also the advantage of automatic sync with
all your devices if you happen to have added a new password from one.

But for every pro, there's a con that has to be weighed against it.

The main negative that this malware app took advantage of by stealing
people's credit card information and their passwords (most likely) is in
the fact people are paying for the service using their credit cards and
they are using real names & real phone numbers & real addresses.

Instantly, that's crossing the red line when it comes to basic privacy and
security on the Internet.

The other red line is that you're giving one outfit all your passwords, and
that one outfit is definitely going to be targeted by every hacker out
there, including the ones whose funding is many times the net worth of
LastPass (meaning they outfund LastPass by many times over).

If there are never any holes in LastPass security, they wasted their money.
But there are always holes. You know that. So that's the second con.

Granted those two cons won't outweigh the convenience of LastPass for
millions of people who are, let's put it nicely, not technically astute.

One simple test if someone is technically astute is to ask them if they're
using "cloud storage" and if they are, ask them which one and from that
answer, you will know whether they are technically competent or not.

Most are not.

By way of comparison, the technically competent people know how to set up
their own cloud (for example NextCloud) if a cloud is what they desire.

But better yet, the most technically competent probably shun clouds
altogether by storing the passwords in an encrypted password database (such
as KeepassXC) where syncing is handled on the LAN such that the kdbx
databases are always in sync across all your devices.

If they absolutely must have access from someone else's device (say on a
library computer when they're traveling and their phone battery is dead),
they can always upload that encrypted kdbx file to any cloud server.

This is just a point of view where the pros and cons are weighted different
for each person, mostly depending on their technical abilities more than
anything else.

[Alan]

On 2024-02-09 10:38, david wrote:
> Using <news:lQtxN.354397$xHn7....@fx14.iad>, Alan Browne wrote:
>
>>> I would never use any of these apps. Storing passwords online just seems
>>> incredibly foolish to me.
>>
>> As long as one guards the password to that file (and that password is
>> not guessable) it is perfectly safe to store it online.
>
> Nobody could deny this app easily slipped through Apple's checks and
> nobody could deny it took Apple too long to react (at least if you ask
> the people whose rather sensitive credit card & password data was
> apparently already stolen in that interim where Apple was moribund,
> according to LastPass).

Why must you lie, Arlen?

From your own source:

'There’s no indication that LassPass collected users’ LastPass
credentials or copied any of the data it stored.'

>
> But on the topic of whether or not it's a good idea to store your
> sensitive passwords on an online database which could ask for your
> credit card information, there are always going to be pros and cons to
> the equation.
>
> Many love online password programs, some of which automatically enter
> passwords when you attempt a login to a given company (which is nice).
>
> Online passwords are nice for a few other reasons, one of which is you
> can't lose them if you lose your device. Another reason online passwords
> are nice is all your devices access them anywhere (as long as you have
> Internet access anyways). There's also the advantage of automatic sync
> with all your devices if you happen to have added a new password from one.
>
> But for every pro, there's a con that has to be weighed against it.
>
> The main negative that this malware app took advantage of by stealing
> people's credit card information and their passwords (most likely) is in
> the fact people are paying for the service using their credit cards and
> they are using real names & real phone numbers & real addresses.
> Instantly, that's crossing the red line when it comes to basic privacy
> and security on the Internet.

'There’s no indication that LassPass collected users’ LastPass
credentials or copied any of the data it stored. '

[Your Name]

I have yet to see anywhere that says the fake app does anything
actually wrong, as in bein "malware". Even the LastPass developers say
above that they haven't bothered to see what it does.

At worst, it's just a knock-off app using a similar name to potentially
trick people into getting it by mistake. There are hundreds of
knock-off apps that copy someone else's idea on the Apple App Store and
thousands on the Google Play store.

Yet another storm in a thimble being over-exaggerated by the anti-Apple
nutters and teh lazy news media. :-\

[Hank Rogers]

Some people are just really mean to poor old apple. It's the
most mistreated company in history. Everybody sues them! For
minor stuff, and apple NEVER sues anybody else, and never tries
to ...

[Hank Rogers]

Maybe you're right. After all, the apple app store contains
mostly rubbish anyway. At best, you're downloading harmless,
but flakey shit. Useful programs are few and far between,
though there are some worth keeping, and even paying for.

[Oscar Mayer]

On Fri, 9 Feb 2024 17:31:38 -0600, Hank Rogers wrote:

>> Yet another storm in a thimble being over-exaggerated by the
>> anti-Apple nutters and teh lazy news media.  :-\
>>
>
> Maybe you're right. After all, the apple app store contains
> mostly rubbish anyway. At best, you're downloading harmless,
> but flakey shit. Useful programs are few and far between,
> though there are some worth keeping, and even paying for.

The fact it happened is the proof of Apple's hollow boasts of security.
In addition to the fact Apple didn't even notice it.
And that it took days fro Apple jut to figure out what had happened.
Even after being told exactly what had happened.
From reliable sources.

The Apple propagandists want to minimize that Apple *removed* the app,
which even those apostles of the Apple-can-do-no-wrong evangelism can't
deny that it was (the real) LastPass who had to get Apple to remove it.

What it shows is Apple's gasconades about vetting apps are a hollow shell.
The fact is obvious Apple doesn't test apps at all for fraudulent malware.

[Your Name]

On 2024-02-10 02:22:45 +0000, Oscar Mayer said:
> On Fri, 9 Feb 2024 17:31:38 -0600, Hank Rogers wrote:
>>>
>>> Yet another storm in a thimble being over-exaggerated by the anti-Apple
>>> nutters and teh lazy news media.  :-\
>>
>> Maybe you're right. After all, the apple app store contains mostly
>> rubbish anyway. At best, you're downloading harmless, but flakey shit.
>> Useful programs are few and far between, though there are some worth
>> keeping, and even paying for.
>
> The fact it happened is the proof of Apple's hollow boasts of security.

What happened?? Some lazy developer created a copy-cat app ... that's
got absolutely nothing to do with "security".

Until someone finds out whether or not the app actually does something
nasty, it's just the usual massive load of over-hyped bukllshit by the
anti-Apple nutters.

> In addition to the fact Apple didn't even notice it. And that it took
> days fro Apple jut to figure out what had happened. Even after being
> told exactly what had happened. From reliable sources.

There are hundreds of copy-cat apps on the Apple App Store.
There are *thousands* of copy-cat apps on teh Google Play Store.

There will always be lazy developers who try to cash in on someone
else's idea. (Not just app developers either - just lok at all the
copy-cat TV shows, movies, and books that get made!)

> The Apple propagandists want to minimize that Apple *removed* the app,
> which even those apostles of the Apple-can-do-no-wrong evangelism can't
> deny that it was (the real) LastPass who had to get Apple to remove it.
>
> What it shows is Apple's gasconades about vetting apps are a hollow shell.
> The fact is obvious Apple doesn't test apps at all for fraudulent malware.

And another braindead anti-Apple cretin joins the killfile.

[Alan]

On 2024-02-09 18:22, Oscar Mayer wrote:
> On Fri, 9 Feb 2024 17:31:38 -0600, Hank Rogers wrote:
>
>>> Yet another storm in a thimble being over-exaggerated by the
>>> anti-Apple nutters and teh lazy news media.� :-\
>>>
>>
>> Maybe you're right. After all, the apple app store contains mostly
>> rubbish anyway. At best, you're downloading harmless, but flakey shit.
>> Useful programs are few and far between, though there are some worth
>> keeping, and even paying for.
>
> The fact it happened is the proof of Apple's hollow boasts of security.

No...

...it really isn't...

...Arlen.

> In addition to the fact Apple didn't even notice it.
> And that it took days fro Apple jut to figure out what had happened.
> Even after being told exactly what had happened.
> From reliable sources.
>
> The Apple propagandists want to minimize that Apple *removed* the app,
> which even those apostles of the Apple-can-do-no-wrong evangelism can't
> deny that it was (the real) LastPass who had to get Apple to remove it.
>
> What it shows is Apple's gasconades about vetting apps are a hollow shell.
> The fact is obvious Apple doesn't test apps at all for fraudulent malware.

This has literally nothing to do with malware...

...Arlen.

[Hank Rogers]

Good for you. Kill 'em all.

[Larry Wolff]

On 2/9/2024 11:15 PM, Hank Rogers wrote:

>> And another braindead anti-Apple cretin joins the killfile.
>>
>
> Good for you. Kill 'em all.

It's about Apple boasting that they check for malware when it's clear that
Apple never once checked for fraudulent malware (which is likely rampant).

That this got through Apple's "tests" shows what a sham Apple's tests are.

[Alan]

Not discovering that an app is trying to pretend to be another app has
literally NOTHING to do with checking for malware.

[Jolly Roger]

On 2024-02-10, Larry Wolff <larry...@larrywolff.net> wrote:
> On 2/9/2024 11:15 PM, Hank Rogers wrote:
>
>>> And another braindead anti-Apple cretin joins the killfile.
>>
>> Good for you. Kill 'em all.
>
> It's about Apple boasting that they check for malware when it's clear
> that

This app isn't malware. All you loser trolls have are lies.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[Alan Browne]

On 2024-02-09 13:38, david wrote:
> Using <news:lQtxN.354397$xHn7....@fx14.iad>, Alan Browne wrote:
>
>>> I would never use any of these apps. Storing passwords online just seems
>>> incredibly foolish to me.
>>
>> As long as one guards the password to that file (and that password is
>> not guessable) it is perfectly safe to store it online.
>
> Nobody could deny this app easily slipped through Apple's checks and
> nobody could deny it took Apple too long to react (at least if you ask

Again you don't understand what happened. No surprise.

[Alan Browne]

On 2024-02-09 21:22, Oscar Mayer wrote:
> On Fri, 9 Feb 2024 17:31:38 -0600, Hank Rogers wrote:
>
>>> Yet another storm in a thimble being over-exaggerated by the
>>> anti-Apple nutters and teh lazy news media.� :-\
>>>
>>
>> Maybe you're right. After all, the apple app store contains mostly
>> rubbish anyway. At best, you're downloading harmless, but flakey shit.
>> Useful programs are few and far between, though there are some worth
>> keeping, and even paying for.
>
> The fact it happened is the proof of Apple's hollow boasts of security.
> In addition to the fact Apple didn't even notice it.
> And that it took days fro Apple jut to figure out what had happened.
> Even after being told exactly what had happened.
> From reliable sources.
>
> The Apple propagandists want to minimize that Apple *removed* the app,
> which even those apostles of the Apple-can-do-no-wrong evangelism can't
> deny that it was (the real) LastPass who had to get Apple to remove it.

You're another one who doesn't get it and is breathlessly piling on
Apple in the typical mindless manner of your ilk.

The app in question would pass all of the Apple "checks" as it is not
designed as malware per se, but as an imposter - social engineering to
be more clear.

This is a security issue only because the imposter co. has no earned
credibility. So the app will behave correctly, but you have no idea if
the app is actually not giving up the data to the creator of the product.

LastPass and 1Password have earned trust in this domain. Otherwise they
are no more "safer" than the imposter co. except by earned reputation:
they do not "look into" the data they guard for you. (Claimed and not
found to be not so).

For every app on the app store there are a few to a few dozen similar
apps with similar names and similar logos. They are "good" in the sense
they meet Apple's security requirements. This imposter app is no
different. We just don't know if, "under the hood" it is violating the
trust that such apps (password managers) require.

[david]

Using <news:kqLxN.280713$Ama9....@fx12.iad>, Alan Browne wrote:

>> Nobody could deny this app easily slipped through Apple's checks and
>> nobody could deny it took Apple too long to react (at least if you ask
>
> Again you don't understand what happened. No surprise.

What do you disagree with of my understanding based on the reports?

1. *Apple pulled it* after LastPass asked them to remove it.
2. Apple took a few days and then fully *agreed* with LastPass.
2. LastPass clearly publicly says it's *fraudulent malware*.

Which do you dispute and what is your basis for that dispute?

[david]

Using <news:sSLxN.84694$GX69....@fx46.iad>, Alan Browne wrote:

> The app in question would pass all of the Apple "checks" as it is not
> designed as malware per se, but as an imposter - social engineering to
> be more clear.

You're trying to excuse why you don't like what happened.
Without understanding what happened.

Apple removed it.
Because it didn't meet Apple's requirements.

You don't like that Apple removed it, but that's what Apple did.
You don't like why Apple removed it perhaps, but Apple removed it.

What this shows is what you don't like.
It clearly and very publicly shows that Apple's boasts are hollow.

> This is a security issue only because the imposter co. has no earned
> credibility. So the app will behave correctly, but you have no idea if
> the app is actually not giving up the data to the creator of the product.

The fact Apple *removed* it (after testing it) is all you need to know.

That means it failed Apple's requirements.
Only Apple didn't even know it.
Until Apple was told about it.

Which means Apple didn't check for it meeting their requirements.
Apple's boasts are hollow.

> LastPass and 1Password have earned trust in this domain. Otherwise they
> are no more "safer" than the imposter co. except by earned reputation:
> they do not "look into" the data they guard for you. (Claimed and not
> found to be not so).

Absolutely.
Apple doesn't bother to check what you call "trust" for any app.
Apple's boasts are hollow.

> For every app on the app store there are a few to a few dozen similar
> apps with similar names and similar logos. They are "good" in the sense
> they meet Apple's security requirements.

Apple removed it on the request of LastPass.
That means it failed Apple's requirements.
That this happened after the fact shows Apple's boasts are hollow.

> This imposter app is no
> different. We just don't know if, "under the hood" it is violating the
> trust that such apps (password managers) require.

What it shows, by the fact Apple removed it after LastPass notified Apple
of the app, and after Apple took two days to investigate it, is that it
slipped by what you call 'trust' and that means plenty of others did too.

That it happened shows Apple's boasts are hollow.

[david]

Using <news:l2ofki...@mid.individual.net>, Jolly Roger wrote:

>> It's about Apple boasting that they check for malware when it's clear
>> that
>
> This app isn't malware.

LastPass called it "Fraudulent Malware" and Apple subsequently removed it.
After testing it for two days (according to the reports).

So what's clear is it didn't meet Apple's requirements.
And yet, it was there. Which likely indicates plenty of others are also.

That it happened clearly shows Apple's boasts are hollow.
That's what you don't like.

And you shouldn't like it.
Blame Apple. Not LastPass.

All LastPass did was inform Apple the app passed Apple's checks and yet the
app clearly does not meet Apple's boastful requirements.

Otherwise, Apple wouldn't have removed it after investigating it for days.

[Alan Browne]

You said it passed through Apple's checks. Quite right. Of course it
did, because it was not malware per se. It is imposter ware, perhaps,
and there is no way Apple could control for that.

Lastpass did __not__ say the imposter was malware, by the way.

As explained elsewhere, when one trusts Lastpass or 1Password to be a
password locker manager, one is putting full faith in their reputations
- fact is, if they wanted, they could be sucking all the data out of
your "locker" along with the decrypt key and use it maliciously.

Fortunately they have instead earned the trust of millions of users to
use their products as reliable purpose made apps.

As to the imposter ware, it is malware free as far as anyone knows, but
nobody has tested it sufficiently to see if it is trustworthy.

Now I expect the above is confusing to you, because you are what you are.

[Alan Browne]

On 2024-02-10 15:05, david wrote:
> Using <news:sSLxN.84694$GX69....@fx46.iad>, Alan Browne wrote:
>
>> The app in question would pass all of the Apple "checks" as it is not
>> designed as malware per se, but as an imposter - social engineering to
>> be more clear.
>
> You're trying to excuse why you don't like what happened.
> Without understanding what happened.
>
> Apple removed it. Because it didn't meet Apple's requirements.

Because LastPass protested over the imposter ware attempting to pass it
off as a LastPass product.

No indication that it was malware. It certainly didn't trip Apple's
malware detection algorithms.

And Lastpass seem to state they don't know if the imposter was in fact
malicious.

Balance of your circular head amusement snipped.

[Alan Browne]

On 2024-02-10 15:09, david wrote:
> Using <news:l2ofki...@mid.individual.net>, Jolly Roger wrote:
>
>>> It's about Apple boasting that they check for malware when it's clear
>>> that
>>
>> This app isn't malware.
>
> LastPass called it "Fraudulent Malware" and Apple subsequently removed it.
> After testing it for two days (according to the reports).

Please link to the "reports" you're citing.

[Alan]

On 2024-02-10 11:54, david wrote:
> Using <news:kqLxN.280713$Ama9....@fx12.iad>, Alan Browne wrote:
>
>>> Nobody could deny this app easily slipped through Apple's checks and
>>> nobody could deny it took Apple too long to react (at least if you ask
>>
>> Again you don't understand what happened.  No surprise.
>
> What do you disagree with of my understanding based on the reports?

The part where you called it "malware"?

>
> 1. *Apple pulled it* after LastPass asked them to remove it.
> 2. Apple took a few days and then fully *agreed* with LastPass.
> 2. LastPass clearly publicly says it's *fraudulent malware*.

Where did they say that?

>
> Which do you dispute and what is your basis for that dispute?

That anyone called it "malware".

And because those words do not appear in the article you cited...

...not said by anyone.

[Alan]

On 2024-02-10 12:09, david wrote:
> Using <news:l2ofki...@mid.individual.net>, Jolly Roger wrote:
>
>>> It's about Apple boasting that they check for malware when it's clear
>>> that
>>
>> This app isn't malware.
>
> LastPass called it "Fraudulent Malware" and Apple subsequently removed it.
> After testing it for two days (according to the reports).

That's a lie; that LastPass called it "malware".

>
> So what's clear is it didn't meet Apple's requirements.
> And yet, it was there. Which likely indicates plenty of others are also.
>
> That it happened clearly shows Apple's boasts are hollow.
> That's what you don't like.
>
> And you shouldn't like it.
> Blame Apple. Not LastPass.
> All LastPass did was inform Apple the app passed Apple's checks and yet the
> app clearly does not meet Apple's boastful requirements.
>
> Otherwise, Apple wouldn't have removed it after investigating it for days.

You have yet to show that anyone called it "malware".

[Jolly Roger]

On 2024-02-10, david <th...@is.invalid> wrote:
> LastPass clearly publicly says it's *fraudulent malware*.

Liar. Your own article disputes your obvious lie:

<https://arstechnica.com/security/2024/02/a-password-manager-lastpass-calls-fraudulent-booted-from-app-store/>

All you trolls have are weak lies. Pathetic.

[Jolly Roger]

On 2024-02-10, david <th...@is.invalid> wrote:

> Using <news:l2ofki...@mid.individual.net>, Jolly Roger wrote:
>
>>> It's about Apple boasting that they check for malware when it's
>>> clear that
>>
>> This app isn't malware.
>
> LastPass called it "Fraudulent Malware"

That's a lie, as anyone who reads your article can see:

<https://arstechnica.com/security/2024/02/a-password-manager-lastpass-calls-fraudulent-booted-from-app-store/>

Weak troll, as usual.

[Hank Rogers]

Alan Browne wrote:
> On 2024-02-10 14:54, david wrote:
>> Using <news:kqLxN.280713$Ama9....@fx12.iad>, Alan Browne
>> wrote:
>>
>>>> Nobody could deny this app easily slipped through Apple's
>>>> checks and nobody could deny it took Apple too long to
>>>> react (at least if you ask
>>>

>>> Again you don't understand what happened.  No surprise.

>>
>> What do you disagree with of my understanding based on the
>> reports?
>>
>> 1. *Apple pulled it* after LastPass asked them to remove it.
>> 2. Apple took a few days and then fully *agreed* with LastPass.
>> 2. LastPass clearly publicly says it's *fraudulent malware*.
>>
>> Which do you dispute and what is your basis for that dispute?
>
> You said it passed through Apple's checks.  Quite right.  Of
> course it did, because it was not malware per se.  It is
> imposter ware, perhaps, and there is no way Apple could control
> for that.
>
> Lastpass did __not__ say the imposter was malware, by the way.
>
> As explained elsewhere, when one trusts Lastpass or 1Password
> to be a password locker manager, one is putting full faith in
> their reputations - fact is, if they wanted, they could be
> sucking all the data out of your "locker" along with the
> decrypt key and use it maliciously.
>
> Fortunately they have instead earned the trust of millions of
> users to use their products as reliable purpose made apps.
>
> As to the imposter ware, it is malware free as far as anyone
> knows, but nobody has tested it sufficiently to see if it is
> trustworthy.
>
> Now I expect the above is confusing to you, because you are
> what you are.
>
>

Apple is always treated unfairly.

Why does everyone persecute this poor little company?

It's a damn shame.

[Andrew]

Jolly Roger wrote on 11 Feb 2024 01:10:07 GMT :

>>>> It's about Apple boasting that they check for malware when it's
>>>> clear that
>>>
>>> This app isn't malware.
>>
>> LastPass called it "Fraudulent Malware"
>
> That's a lie, as anyone who reads your article can see:
>
> <https://arstechnica.com/security/2024/02/a-password-manager-lastpass-calls-fraudulent-booted-from-app-store/>
>
> Weak troll, as usual.

So the fraudulent app had never made it into the Apple App Store then?

[Andrew]

Alan Browne wrote on Sat, 10 Feb 2024 17:03:28 -0500 :

> Because LastPass protested over the imposter ware attempting to pass it
> off as a LastPass product.

So it never happened?

[david]

Using <news:uq91ea$35tc$1...@dont-email.me>, Alan wrote:

>> What do you disagree with of my understanding based on the reports?
>
> The part where you called it "malware"?

That doesn't matter.

It was fraudulent. It stole credit card and personal information.
It wasn't LastPass but it pretended in look & feel to be LastPass.

The chance of it not being malware is zero - but you can believe it was
just trying to give people an alternative way to access LastPass.

Whether it exercised its payload yet or not, it was in the App Store.
That Apple booted it means it didn't pass Apple's stated requirements.

That it was in the App Store means Apple doesn't test for fraudulent apps.
Why did Apple allow it into the App Store if they never tested it first?

[david]

Using <news:l2ql1j...@mid.individual.net>, Jolly Roger wrote:

> Liar. Your own article disputes your obvious lie:
>
> <https://arstechnica.com/security/2024/02/a-password-manager-lastpass-calls-fraudulent-booted-from-app-store/>
>
> All you trolls have are weak lies. Pathetic.

That doesn't matter. It's like the Judge convicting someone for shooting a
person in the torso and you insist it didn't happen because he shot him in
the abdomen (it's just your weak excuse solely by you playing on words).

[Alan]

On 2024-02-10 22:05, david wrote:
> Using <news:l2ql1j...@mid.individual.net>, Jolly Roger wrote:
>
>> Liar. Your own article disputes your obvious lie:
>>
>> <https://arstechnica.com/security/2024/02/a-password-manager-lastpass-calls-fraudulent-booted-from-app-store/>
>>
>> All you trolls have are weak lies. Pathetic.
>
> That doesn't matter. It's like the Judge convicting someone for shooting a
> person in the torso and you insist it didn't happen because he shot him in
> the abdomen (it's just your weak excuse solely by you playing on words).

No. It's like the judge ruling that shooting a firearm that doesn't it
anyone isn't murdeer.

>
> It was fraudulent. It stole credit card and personal information.

It was fraudulent in that it tried to convince you it was LastPass.

There is no evidence that it "stole credit card and personal information".

> It wasn't LastPass but it pretended in look & feel to be LastPass.
>
> The chance of it not being malware is zero - but you can believe it was
> just trying to give people an alternative way to access LastPass.
>
> Whether it exercised its payload yet or not, it was in the App Store.
> That Apple booted it means it didn't pass Apple's stated requirements.
>
> That it was in the App Store means Apple doesn't test for fraudulent apps.
> Why did Apple allow it into the App Store if they never tested it first?

You have no evidence that it was tested...

...Arlen

[Alan]

On 2024-02-10 22:02, david wrote:
> Using <news:uq91ea$35tc$1...@dont-email.me>, Alan wrote:
>
>>> What do you disagree with of my understanding based on the reports?
>>
>> The part where you called it "malware"?
>
> That doesn't matter.

You want it not to matter...

...now.

Because you were wrong...

...Arlen

[Alan]

Making it into the App Store doesn't make it "malware" that Apple didn't
catch...

...Arlen

[Alan]

On 2024-02-10 21:56, Andrew wrote:

It was never malware...

...which is what you claimed...

...Arlen.

[Alan Browne]

Not at all. When it deserved its lumps, it gets them.

This is not such a case. But the trolls will take any event and recast
it as something dear to their shriveled little hearts.

And you of course have to come up with your weak ripostes.

[Alan Browne]

Again you're miscasting what Apple look for. With millions of apps they
can't possibly look at what every app is purporting to do. What Apple
does do is scan the app (using automated tools) looking for code that is
common to malware. This imposter app had no such code.

The legitimate LastPass passes these tests. And if it were designed to
fraudulently transfer people's personal data to LastPass ... it STILL
would pass these tests.

LastPass and 1Password (and others) operate on trust they have earned
over many years.

[Jolly Roger]

You think adults don't notice you trying to deflect from the fact that
it's not malware? How old are you, 10?

[Jolly Roger]

On 2024-02-11, Andrew <and...@spam.net> wrote:

Like a child, you claimed it's supposedly malware, with zero evidence
that it is, and like a child you are desperately trying to deflect.

[Jolly Roger]

On 2024-02-11, david <th...@is.invalid> wrote:
> Using <news:uq91ea$35tc$1...@dont-email.me>, Alan wrote:
>
>>> What do you disagree with of my understanding based on the reports?
>>
>> The part where you called it "malware"?
>
> That doesn't matter.

Lies don't matter, eh? What a childish position to take.

[Jolly Roger]

On 2024-02-11, david <th...@is.invalid> wrote:

> Using <news:l2ql1j...@mid.individual.net>, Jolly Roger wrote:
>
>> Liar. Your own article disputes your obvious lie:
>>
>> <https://arstechnica.com/security/2024/02/a-password-manager-lastpass-calls-fraudulent-booted-from-app-store/>
>>
>> All you trolls have are weak lies. Pathetic.
>

> That doesn't matter.i

It absolutely does matter. You're just desperate to deflect from your
outright lie.

[Alan]

On 2024-02-11 12:50, Peter wrote:

> Alan Browne <bitb...@blackhole.com> wrote:
>>> Apple is always treated unfairly.
>>
>> Not at all. When it deserved its lumps, it gets them.
>

> Apple brags so much about safety but Apple actually checks nothing.

This thread presented no evidence that Apple neglected anything related
to safety.

>
> For a company that boasts as much as Apple does, they deserve to be
> lambasted when it's clear they don't have a single check for fraudulent
> apps which steal your data because people think they're the real thing.
>
> Given Apple removed the app, it's likely Apple didn't check it even once.
Apple didn't check its NAME, doofus.

[Alan]

On 2024-02-11 13:05, Peter wrote:
> Jolly Roger <jolly...@pobox.com> wrote:
>> It absolutely does matter.
>
> Two things matter.
>
> Apple brags that they vet apps for fraudulent activity.
> Yet this proved that Apple does not vet apps for fraudulent activity.
>
> That this fraudulent app stole people's data under the ruse of being the
> real thing doesn't really matter as much as the knowledge that Apple brags
> they check for fraudulent activity that Apple clearly does not check for.
>

You're switching nyms a lot this week...

...Arlen.

[Jolly Roger]

On 2024-02-11, Peter <conf...@nospam.net> wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> What a childish position to take.
>

> Apple didn't run a single basic check

Weak lies are all you have. You're boring.

[Jolly Roger]

On 2024-02-11, Peter <conf...@nospam.net> wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> and like a child you are desperately trying to deflect.
>

> What matters is

What matters is you lied claiming this app is supposedly malware when
it's not.

[Jolly Roger]

On 2024-02-11, Peter <conf...@nospam.net> wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> It absolutely does matter.
>
> Two things matter.

One thing matters: You lied about the app supposedly being malware

[Alan]

On 2024-02-11 21:38, Peter wrote:
> Jolly Roger <jolly...@pobox.com> wrote:
>>> Apple didn't run a single basic check
>>
>> Weak lies are all you have. You're boring.
>

> What Apple did was brag about the safety of apps they never checked.

Nothing presented so far even supports that claim...

..Arlen.

>
> You claiming it's a lie that it happened is how you reconcile that you
> can't come up with any excuse for why Apple doesn't do what they say.
>
> To make the ugly truth about Apple "go away", you say it never happened.
> And yet, it did.

[Jolly Roger]

On 2024-02-12, Peter <conf...@nospam.net> wrote:
> Jolly Roger <jolly...@pobox.com> wrote:
>>>
>>> Apple didn't run a single basic check
>>
>> Weak lies are all you have. You're boring.
>

> What Apple did

More childish deflection. What you did was lie claiming this app is
malware when it isn't.

[Alan]

On 2024-02-12 13:00, Peter wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> More childish deflection.
>
> You're not addressing the issue which is that Apple brags about testing
> apps & yet Apple clearly doesn't test for even the simplest of things.

You're not addressing the issue you of you lying.

[Alan]

On 2024-02-12 13:05, Peter wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> One thing matters
>
> Finally you agree that while Apple brags about testing apps, the one thing
> that matters is that Apple does not test apps for fraudulent activities.
>
> The only way Apple will ever know that fraudulent apps have stolen your
> data is only after someone calls up Apple to tell Apple about it.
>
> Hence, it's not Apple who tests apps for fraudulent activities.
> It's you.

Finally, you agree that you lied about this being an issue of malware.

[Alan]

On 2024-02-12 13:07, Peter wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> How old are you, 10?
>

> I understand that you attack the messenger because you don't like that
> while Apple brags on and on about how great they are at testing apps, the
> proof shows that Apple doesn't ever test them for fraudulent activity.

I understand that you don't have a clue.

[Alan]

On 2024-02-12 13:27, Peter wrote:
> Jolly Roger <jolly...@pobox.com> wrote:
>> What matters is you lied
>

> Actually, what matters for billions of people who use the Apple App Store
> is that Apple lied that they vet the apps for safety (since they don't).

Nothing you've posted so far provides any support for that claim.

Nothing, Arlen.

[*Hemidactylus*]

Peter is on the summit of Mount Stupid.

[*Hemidactylus*]

Peter <conf...@nospam.net> wrote:
> Jolly Roger <jolly...@pobox.com> wrote:
>> What matters is you lied
>

> Actually, what matters for billions of people who use the Apple App Store
> is that Apple lied that they vet the apps for safety (since they don't).
>

How far to the left are you on the Dunning-Kruger graph?

[Jolly Roger]

On 2024-02-12, Peter <conf...@nospam.net> wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> More childish deflection.
>
> You're not addressing the issue

You're not addressing thatyou lied claiming the app is malware when it
is not.

[Jolly Roger]

On 2024-02-12, Peter <conf...@nospam.net> wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> One thing matters
>
> Finally you agree

Weak lies and childish deflection are the only tools you have in your
belt, pitiful old troll.

[Jolly Roger]

On 2024-02-12, Peter <conf...@nospam.net> wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> How old are you, 10?
>

> I understand that you attack

Act like an adult and people won't wonder about your age.

[Jolly Roger]

On 2024-02-12, Peter <conf...@nospam.net> wrote:
> Jolly Roger <jolly...@pobox.com> wrote:
>> What matters is you lied
>

> Actually

Nope, you lied.

[Alan]

On 2024-02-12 17:57, Peter wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> Nope, you lied.
>
> In this case, you're attacking me because you hate Apple lied to you about
> testing apps in the App Store - which is why you're defending Apple's
> complete lack of testing by claiming you only care about malware and not
> about fraudulent apps that steal your confidential credit-card data.
>

Nope.

You lied.

[Alan]

On 2024-02-12 18:00, Peter wrote:
> Jolly Roger <jolly...@pobox.com> wrote:
>> Weak lies and childish deflection
>

> You hate that Apple didn't test for the most basic tests anyone should do.
> So you lash out at me - simply for explaining what Apple doesn't deny.

Nope.

You lied.

Plain and simple.

[Alan]

On 2024-02-12 18:01, Peter wrote:
> Jolly Roger <jolly...@pobox.com> wrote:

>> You're not addressing that
>
> What's revealing is how much you hate Apple for not testing for fraudulent
> apps to the point that you lash out at others simply for stating that fact.
>

Nope.

What's revealing that when confronted with your lies...

...you try and pretend they didn't happen.