Scammed by the top result for 'Bitcoin wallet' in Apple App Store

blibble|2 years ago

I don't think I've ever searched for something on the app store and not got a scam as the first result

just tried it

    - my bank? I get crypto.com
    - train company app? knockoff app that charges extra fees
    - my broker? CFD gambling app
    - official government app for paying my tax? intuit product

I dare to think how many people this lures in

scammy ads plastered everywhere is what I'd expect from Google products

not for the Apple equivalent that commands a significant price premium

Rodmine|2 years ago

> scammy ads plastered everywhere is what I'd expect from Google products

This won’t fit with the manufactured popular understanding, but at the current time, Google protects you from fraud and scam better than anyone.

I have been unfortunate enough to be scammed recently from a bing search result (ad). (It was a new computer and I decided to use Edge and bing was the default search).

Apple, Microsoft etc. are rookies in this game. Google just has the benefit of experience and hence is much safer now than anyone can ever become in the near future. Because of this, scammers are much more likely to target other platforms… which happen to be Apple, Bing, Facebook etc.

crossroadsguy|2 years ago

On the contrary, as someone who has worked with both platforms as a developer, this is my personal opinion:

- Around a lot of things software, including the Play Store, Google’s safety and security, for all its ads, tracking and shenanigans, are real, largely verifiable, discussed openly, and pretty fucking robust (not to mention, most of it are actually open).

- Apple’s? Smoke and mirrors! Essentially some vague shit which often ludicrously boils down to Safest Shit Ever On an iPhone™ (and doesn’t go further than that) and never discussed or even offered a glimpse of.

cam_l|2 years ago

Hilarious. I don't think i have never seen or gotten a scam app (not including games, which I don't use) as the top result on Google Play.

In fact, I just used all your searches on Google play and got

- my bank

- the train company app

- my broker

- hmrc

The next 4 or 5 in each case were also legit. Maybe this is really something to be aware of if switching to apple? Certainly would not have been something I would have been expecting from apple (though I am pretty careful about vetting apps).

gumby|2 years ago

I am still surprised that when I search for a specific app (as you did for your bank) I still see junk ads before the real app shows up. Apple should be better than that. They seem to have the same bad incentive Google search does.

What is CFD gambling? When I read “CFD” I always think of computational fluid dynamics and so “CFD gambling” sounds pretty cool to me. Obviously I do know I’m just overfitting to a TLA and I’d like to know what it actually means.

habeanf|2 years ago

In hindsight, this is quite obvious. Coming from years of using Google Pixels I just got used to trusting the search results. I've never hit a fraudulent app when searching in the Play Store. I trusted apple that at least the top 5 results would be legit. EDIT: added the word 'top' at the end

thiht|2 years ago

When I first got an iPhone a few years back, this is the thing that shocked me most. This is completely out of line with what I expect from Apple. I don’t have "scams" per se, but the first result when searching for a keyword is systematically an ad for a competitor:

- Spotify -> Deezer

- Uber -> Heetch

- UberEats -> Deliveroo

- Deliveroo -> Ubereats

- My bank -> crypto.com

I have no idea why Apple allows buying trademarks/full app names as an ad keyword. Perfect matches should always have the app first, not an ad.

Is there something in the AppStore rules that prevent apps from buying the keyword ad for their own app?

kylecazar|2 years ago

Especially given they use enhanced security as an excuse so often

fakedang|2 years ago

Special mention, the f***ton of Whatsapp clients on the iPad when Whatsapp didn't have any releases for the iPadOS up until last September.

RulerOf|2 years ago

This has been a very noticeable problem to me for some time.

I won't search the App Store anymore. I go to the web site for the app I want and get the App Store link that way.

I wish the App Store listings would specify the domain of the entity they come from in plain text, backed by a validation method similar to what we do for TLS certs.

echoangle|2 years ago

Can you share some search terms you tried? I never had this problem, but I’m also not in the US so it might be different here

seanhunter|2 years ago

I don't recognize this picture at all. Even if you aren't distinguishing between ads and search results I'm not seeing scams as adverts but there may be a difference between the UK and US app stores in this respect perhaps.

For me on apple UK app store:

my bank - Ad: another legit bank. First result: my bank

Train company - Ad: a generic legit train booking app. First result: the train company

My broker - Ad: another broker. First result: my broker

Official government app for paying my tax - ad: a general tax app. First result: government app.

It stands to reason that they won't show an ad for the thing you're searching when it's the first organic result so I don't find this surprising.

[1] I have two and tried both. Results were the same with a different legit bank as the ad each time.

legulere|2 years ago

Do you mean the search result or the ad that pops in at the first space? For me all those have good results but all contain ads for more or less unrelated apps

I would also expect products with premium pricing to not contain ads.

OJFord|2 years ago

> my broker? CFD gambling app

I don't think 'gambling app' is a fair description given it's a regulated security, any broker that truly offers CFD trading is (1) going to be legit; (2) going to be competing with the broker you were searching for for result space.

Of course to serve its users any app store should massively prioritise the word/brand (incl. typos) you actually search for though.

iscrewyou|2 years ago

> I don't think I've ever searched for something on the app store and not got a scam as the first result

It’s cool to crap on Apple and all these days but this is all categorically false. What you are referring to is the Ad on the top of the page. It’s clearly labeled as ad and has a light blue box around the whole ad.

I tried all those things you mentioned and the first result after the clearly labeled ad is what I searched for.

TacticalCoder|2 years ago

TFA is talking about a literal scam, where his money vanished.

> - my bank? I get crypto.com

Although crypto.com is not a bank, they seem like a legit business and not a scam. Many people are using crypto.com: I know one person who has one such card and I asked a waiter if he had already seen cards like that (waiters gets to see many credit/debit cards a day) and he answered me that they weren't that uncommon.

> - official government app for paying my tax? intuit product

They may be using shady tactics but they are not a scam.

Animats|2 years ago

Apple statement on why the EU requiring open app stores is bad:

Schiller, an Apple veteran who once ran its marketing machine, said the moves to break the company’s closed ecosystem for software will undermine the privacy and security the company has worked to build into its products and services. “This isn’t our first choice,” he said. “We always want to have the highest standard everywhere in the world but we also have the requirement to meet the legal requirements in the local markets. “In the App Store we have a lot of signals that we are looking for every day to find scams and stop them,” Schiller said. “With these new marketplaces we won’t have visibility into those issues.”

Right.

mdhb|2 years ago

Also from Schiller.. the open web is a direct threat to our cash cow.

https://files.mastodon.social/media_attachments/files/111/95...

concinds|2 years ago

The company that claims to have "the highest standard everywhere in the world" for security and privacy, happens to run a major desktop platform (macOS) with only a primitive basic signature-based antivirus built-in. Instead they rely on Gatekeeper/notarization for the bulk of the protection, which is a pain for devs (when it doesn't work right) and less effective.

Same is now happening with iOS sideloading, instead of robust antimalware based on heuristics and app behavior (like Google Play Protect), they'll keep relying on blunt instruments like notarization. Doubt it'll keep users safer. Maybe it's NIH syndrome?

openthc|2 years ago

I thought the Apple platform had the best consumer experience and that's why folk love it -- it "just works" -- cause they keep the riff-raff out of their gated community.

Perhaps they let this one slip through because their team was too busy dragging out the review process for our cannabis compliance application, they can only afford so many reviewers after all. We wouldn't want children accidentally getting their hands on regulatory compliance data for deadly deadly cannabis. (which could happen with our application, after they had signed up and verified their agency cannabis license (which only takes many months/years and $$$$$s to get))

pie420|2 years ago

Apples app store is way worse than the google play store. i was shocked at how bad the app store is with shitty ads and promoted content over organic search results

unknown|2 years ago

[deleted]

DoodahMan|2 years ago

fwiw i hope yall get approved. thank you & take care.

andrei_says_|2 years ago

It did - before cheapo enshittification started creeping in. I believe some time ago I saw some research on the quality of App Store app review process … zero protection.

But, even at this stage, Apple is still “the best”, because of the slower pace of the corruption and in comparison to the toxic dumpster fire of the alternatives.

Android and Windows are spyware/malware masquerading as OSs.

secsubsc|2 years ago

I am in India and I can see the app on top spot (marked as Ad) when I search for Bitcoin Wallet.

My theory is, they paid for an Ad in a specific region and hence it started showing on top, people started downloading in that region, and that boosted the overall ranking for that app and hence people from other regions are seeing it among top results, even though its not an Ad there. Irrespective of the rating or freshness of the app, since it is getting downloaded in one region (because it is an Ad there), automatically it goes to top in other regions.

This trick can be used by other apps also, considering it would be cheapter to buy the top Ad spot in India and then it organically rises to the top.

rchaud|2 years ago

and in this scenario, Apple has no incentive to stamp this out as they make money either way.

ilamont|2 years ago

Promoted results in Google are loaded with scams. According to one recent report, 75% of brands are affected (https://searchengineland.com/google-search-ads-brands-fraud-...):

The researchers who conducted the report found that retail giants such as Amazon, American Airlines, Lego, Pizza Hut, and Samsung were all victims of identity fraud within Google Search Ads.

Here's a Google SERP for "Facebook" which shows Facebook as the URL, redirects to an Apple security scam: https://youtube.com/shorts/gTEuqXYAp58?si=lzFV9mfX31_8nzd1

Google even vouches for the advertiser:

https://twitter.com/leanmediaorg/status/1724467969344905534/...

klabb3|2 years ago

That’s insane, and news worthy. Imagine non-techies just trying to go about their day and getting that.

But hold on a sec. Is this verified by others? The guy in the video cuts to a screenshot, which doesn’t show the resulting url or how he got there, so it’s hard to tell what happened.

callalex|2 years ago

This is about app stores, not web searches. Google Play Store does not suffer from this issue to the same degree at all.

charcircuit|2 years ago

>Google even vouches for the advertiser

Google vouches that the advertisers is who is he says he is. Google is not vouching for the reputation if the advertiser.

habeanf|2 years ago

It wasn't a promoted result, it's an organic search result, and it's still there!

KomoD|2 years ago

> does a scam app become the #1 organic search result (not promoted) in the app store

It's possible that it's just because it was literally called "Bitcoin Wallet", an exact match for your search, or boosted by fake reviews, or it was actually an ad that you didn't notice. Though it shouldn't have gotten past review at all

But I don't really understand why you'd blindly trust some random app?

Also, would be interesting to take a look at the app, sadly know nothing about ios apps or how to get the IPA, only android.

habeanf|2 years ago

You're right, I shouldn't trust a random app. Also, it's pretty much my first serious foray into Apple land. I trusted Apple's search results. There are multiple apps, far more mature and backed by serious developers, that would also match the phrase "Bitcoin Wallet".

The question is why is the scam app the #1 organic search result? For a new app with such scammy reviews and questionable metadata I would expect it to be #30 in the list. For context, the app store reports the scam app as #85 in all finance apps.

trothamel|2 years ago

> But I don't really understand why you'd blindly trust some random app?

Perhaps because Apple claims their apps go through a review process, and one would hope this would have failed that process? That's what Apple claims the value proposition of their 30% cut and closed platform are.

schappim|2 years ago

Don't worry, everyone. Apple can now afford to hire some app store reviewers by using the revenue from its new "Core Technology Fee." This fee requires developers to pay Apple €0.50 for every first annual installation exceeding a threshold of 1 million for apps distributed outside the App Store.

callalex|2 years ago

But I've been assured that the 30% protection racket Apple charges is justified because they spend so much effort curating their store. I'm assured by Apple's latest press release that the web is full of scams and only they can protect me from it.

dkobia|2 years ago

It is both impressive and concerning how well their app store optimization efforts were, for what seems like a major keyword/phrase. These type of shenanigans were usually reserved for the Play Store. No more.

To be fair many crypto wallet apps are deceptively simple applications.

hooksfordays|2 years ago

Replying to verify I see the same app almost at the top of search result. Based in Canada and searching “Bitcoin Wallet”, it was the 2nd non-promoted result.

I have only 1 other app of this variety on my phone currently and haven’t used it or searched for anything crypto related including months.

kps|2 years ago

Same for me, second result. I've never had anything crypto-related on my phone.

yosef123|2 years ago

So much for Apple "security"

charcircuit|2 years ago

Security isn't binary and it should be compared relative to other platforms.

egobiawa2|1 year ago

I really Thank the AllMighty for helping me get back on my feet after i lost a huge amount of fund in a facke online platform. I will not say the amount just for security reasons but i lost almost everything i made as a banq manager for 33 years. I was literally having so many b*d thoughts of things to do to myself, not until i met an old highschool friend who introduced me to a recovery expert here [ Wassap : +1 ( 6 5 7 ) 2 6 2 4 4 8 2] who helped her with her crypto skam few months ago. it took just 48 hours to start and finish the recovery and i got all my loses back, it feels so wonderful i didn't believe a day likethis will ever come to pass, but yes it did. I shared their contakt above just incase anyone here finds themselves in similar situation ever. and this is their Emeil too Refundpolici (At) Gmail (Dot) Com

lnxg33k1|2 years ago

It is very important that common people understand that the Apple App Store is not a way to outsource their own security and blindly install whatever they find on it, personally I was always convinced that Apple Marketing about the security of their App Store in regard to opening competition sources of app installs, has done a lot of damage to their users for the benefit of their shareholders, and if I was a Apple user I would be pretty upset for them up to the point where I would be unable to trust them. Whatever the source you're responsible for your own safety. Don't be a victim of marketing departments.

tapland|2 years ago

What was the justification for the app store ecosystem?

visarga|2 years ago

To cut Apple in all transactions, and maximize grift by having just scam apps

rchaud|2 years ago

Steve Jobs saw what Steve Case had with AOL and thought "we need to be doing that".

aws_ls|2 years ago

This is understandably shocking. The way I have chosen bitcoin wallets is searching for trusted brands in the space using Google, and going to their website and then installing the app.

Shosty123|2 years ago

That's actually quite worrisome. I don't really think twice about downloading the top result for things like PayPal or local banking apps if I get a new phone, for example.

echelon_musk|2 years ago

Why did you have to transfer bitcoin? Surely you would just load your private key into the app unless I'm missing something.

habeanf|2 years ago

Honestly, I got lazy, and that's on me. I was using the standard bitcoin wallet app on android. It did seem weird I can't restore the wallet I backed up in the android app, but the android app github doesn't point to an app store app, so I figured there just isn't and the android app's backup format is something detached.

Then I figured a legit apple app could generate a wallet and I could transfer the bitcoin between them. Which is what I did. The apple app indeed received it and promptly sent it off somewhere else. What's even crazier is that the apple app shows this info! You'd expect the scammer to hide the scam but I suppose it just made it easier to pass the app store inspection.

jackblemming|2 years ago

Guys Apple told me if I gave up all my freedom they would keep me safe.. I don’t feel so good..

DangerousPie|2 years ago

Must be region/account specific. I get crypto.com, bitcoin.com and coinbase as the top three results. Nevertheless I agree these should be moderated better and scam apps need to be removed quickly.

moribvndvs|2 years ago

Working as intended. Apple has repeatedly rejected an update to an app that we have recently updated because it had a link to our help site which links to our main site which has an option to purchase a subscription. Despite us having published 60 versions successfully until today, that link being there and unchanged the entire time. But this sort of shit, no problem go right on through, sir.

m463|2 years ago

There might be an argument that the app store itself is the scam.

I think there are ~ 3m apps available right now. Apple is the only place (currently) to sell apps, or buy apps. They interpose themselves, and do a poor job of things. How can a buyer make his apps visible? How can a seller find anything?

There should not only be more app stores, there should be markets and communities and personal apps.

Greg243|1 year ago

i am open to share my experience with bitcoin investment and losing

money to scammers. However, yes it is possible to recover your stolen

bitcoins. I never believed in bitcoin recovery because I was made to

understand that it was not possible. However, sometime in October I fell

for a forex scam which promised overly high returns and I ended up

losing close to $55,000. I searched for a month for help until I finally

came across an article on reddit in regards to recovering stolen

cryptocurrency so I reached out to them (IBRAHIMFINLEY8 @ gmail, com) I

was so scared and skeptical because I have heard of bad experiences but

I decided to give him a try and to my greatest surprise I was able to

get all my stolen bitcoins recovered from the scammers within a very

short time frame.

ametrau|2 years ago

I have been scammed before by the top result also. So not only are they taking a 30!!!!!% tax on developers (not only on profit) but they milk ad. money from shysters. Yet you still have the just “use another phone” / don’t release your app with them people. Yeah who? Monopoly B?

swatcoder|2 years ago

When I perform your search, I get legitimate results at the top, and I don't see the specific app from the Reddit thread. But about at about rank #7, I see an app that uses a distorted form of the same logo, a different unfamiliar publisher, a slightly altered title and a similar smattering of only a few reviews.

It sounds like somebody is burning developer accounts to keep reposting the scam app. Not unlike people being banned from a website and then resubscribing with a different email or through a VPN or whatever. It slipping through into your results isn't so much plain neglect as it is an arms race that Apple is on the losing side of this time.

Robust algorithmic ranking and moderation at scale is a myth, though, and you can find this happen pretty much everywhere. This one will probanly get squashed with some near-term update to their algorithm, and then get compromised again sometime later since crypto is so ripe for scamming.

You can't escape personal due diligence and "it was top ranked!" has never been that.

zizee|2 years ago

> You can't escape personal due diligence and "it was top ranked!" has never been that.

Apple continually makes claims that the closed ecosystem is essential to the safety of their customers, that they have a robust review process, and that their customers choose them because of the safety they provide. Apple should stop repeating these claims if they are not, in fact, reliable protection against scams.

habeanf|2 years ago

Posted above the screen recording: https://streamable.com/y5nhy7

> You can't escape personal due diligence and "it was top ranked!" has never been that.

On one hand that's a fair point and I should've known better. OTOH I think it is legit to trust top app store search results to return quality apps, especially if there is a massive disparity between their quality. The scam app has obvious repetitive spam reviews. The developer's website is terrible and the submit button doesn't even work. This is basic quality control on apple's part. If every single app store user needs to manually vet every single app they install to the proper extent there would be a fraction of a fraction of the installs and respectively, a fraction of a fraction of the revenue.

Consider the extent of lawsuits between apple and companies with app store apps - does it not strike you that apple protects that revenue stream? Wouldn't it make sense to give app store users a sense of trust in the top search results?

ur-whale|2 years ago

> Earlier today I decided to switch my Android for an iPhone.

Mistake #1 : switching to an even more closed computing environment, where user has strictly no control

> android

Mistake #2 : running on a tech. stack you do not control: closed-source, walled-garden

> wallet

Mistake #3 : using a wallet instead of your own private cold storage to hold any kind of significant amounts of money

> but its still up there, #1 search result.

Mistake #4 : trusting that Apple is making huge efforts to secure their environment.

In the same vein as "not your keys, not your coins" :

    - "trust the vendor, not your coins"

    - "not your hardware, not your coins"

    - "not your operating system, not your coins"

    - "not your key management software, not your coins"

    - "not open source and therefore not auditable, not your coins"

habeanf|2 years ago

> Mistake #1 : switching to an even more closed computing environment, where user has strictly no control

I've been with Google Nexus and Pixels for many years, roughly starting with the Nexus One. Ironically, I switched from an iphone 3GS at the time that I owned for a few months.

After many years of being on windows, then linux, then Mac, then back to linux, now back to Mac with linux on ssh, my conclusion is that user control doesn't necessarily mean a better user experience. A closed computing environment allows for consistency and sturdiness. When you start looking at your phone as a device, rather than as a computer, it becomes obvious.

> Mistake #2 : running on a tech. stack you do not control: closed-source, walled-garden

I don't control android in any way. I could read its source code if I really, really wanted to but why would I? I want a product. A device. Would you read the source code of your washing machine? Dish washer? At some point you want to live your life and stop reading anything and everything as if you actually have enough time to tinker with all of it.

> Mistake #3 : using a wallet instead of your own private cold storage to hold any kind of significant amounts of money

Meh. 'Significant amounts of money' is subjective. Some would say the amount of money I lost would be a life changer, some would shrug it off as a yearly bonus on the lower end of the scale. Fact is, I had my bitcoin on some version of a pixel for roughly 7 years and never had a problem.

> Mistake #4 : trusting that Apple is making huge efforts to secure their environment.

They made a huge effort to secure their hardware; its some of the best in the world. The thing is they put a ton of focus on hardware security but hardly enough on software / service stuff. In this case, the app store search was compromised by some bots leaving reviews.

Your general theme seems to rely on having access to open source on all levels leads to more security.

This is patently false. For example, the vast majority of smartphones use baseband processors that are not just closed source with closed source drivers, but the ICs themselves are tightly guarded secrets by their manufacturer (probably Qualcomm). There are probably a dozen or so chips in every smartphone running all sorts of firmware you have no access to. Same goes for computers.

In fact, I would argue that Apple's model might be the most secure, because they do SoC, which requires they know far more about and have much more control over the inner workings of every sub component.

fingerlocks|2 years ago

No repro. Same search string gives me the Bitcoin.com and the Coinbase app at the top. Scrolled through several dozen wallet apps and the one in the Reddit link never surfaced.

habeanf|2 years ago

Here is a screen recording including this hacker news post + your comment & and a switch to the app store with the search phrase. The first result is the scam app. I scrolled down so you can see where serious apps are in the list of results. https://streamable.com/q2mulu

habeanf|2 years ago

I just took a screenshot of the app store about an hour ago: https://pasteboard.co/bZ7qQvAzYggy.png

unknown|2 years ago

[deleted]

visarga|2 years ago

AppStore is a fucking desert, no legit apps or games. Their only purpose is to trick people into recurring payments ($10/week for a Minecraft skin anyone?) or ask very high prices for addons.

It's a tragedy for parents who look for games for their kids, 99% scam. That's why Apple Arcade even exists. You can't find any legit games in the normal range $1-$20 one time payment and all features enabled.

To me this shows Apple is past its good phase and deep into the dark phase, where their only purpose is to milk present users of all their worth. Enshittification for profit.

MagicMoonlight|2 years ago

And this is why bitcoin is a worthless pyramid scheme. People have kind of stopped arguing it has any value now but back when they used to pretend it was a currency they acted like it’s something people would use.

Who would ever use a currency that can just be stolen like this? No way of getting anything back. No security. Slower than a bank transfer now.

justinclift|2 years ago

At this point, I'm about 80% sure that a lot of these scam apps are being approved by corrupted Apple review staff.

So many of them are blatantly scams that it's not credibly "human error".

kgdiem|2 years ago

Any idea where they’re based? Are they global? They do my reviews at weird times.

lum0r|2 years ago

Have you tried following the transaction trail on the blockchain?

habeanf|2 years ago

Yes, but how does following the tx trail help me in any way? They've moved the BTC a few times since the wallet sent it to them.

nojvek|2 years ago

App Store is as scammy as Google play store.

Apple vets every app through their review team but it’s a shit show of inconsistency.

Apple’s wall garden doesn’t do much other than rent seeking.

I got scammed in an ethereum site back in the day. Wasn’t a big loss but it was the straw that broke camel’s back.

If it was my credit card, I would have been refunded. Coinbase did fuck all, couldn’t even reach a real human.

I sold all my crypto a few months later.

Crypto and stock market move in tandem. Crypto has much higher trading fees. Fidelity gives me zero fees.

From a value investing perspective, crypto was a bad and unsafe investment.

I agree that folks who got in 10 years early made a fortune, but last few years have lackluster growth.

Lockal|2 years ago

1) You see recently visited apps on top of search results. Same applies for Google/Yandex (unless you turned off specific personalization settings). It is a feature to save your time from scrolling.

2) Post on Reddit is FUD from competitors (newly created account included). People who transfer C$150k know exactly what to do when they lose money (no, they don't visit /r/Bitcoin to ask "any chance of fund recovery or all gone?"). Don't promote FUD on HN.

habeanf|2 years ago

When I installed it, it was the #1 organic search result. Other commenters report seeing the same app as #2 organic search result.

Just because an account is newly created does not make their first post FUD. Their story is precisely what happened to me, although for a slightly smaller amount of money.

endisneigh|2 years ago

Sad to say but it seems pretty are pretty dumb. Robinhood yields robinhood for first non-ad app, same with Bank of America, chase, Citi, etc. do people really just click the first thing they see? Wow.

As for the example - can’t replicate, but seems crazy to put a seed phrase into some random app you didn’t get yourself. Even if the app wasn’t a scam.

npteljes|2 years ago

>do people really just click the first thing they see?

It's just people behaving in a certain way, and that being exploited. If people had a different behavior, the exploit would be different too.

habeanf|2 years ago

I didn’t put a seed phrase into the app. I created a new wallet in it and transferred the btc to it.

Moore34|1 year ago

[deleted]

triu67|1 year ago

[deleted]

RoosevelLester|1 year ago

[deleted]

Bettye22|1 year ago