Wednesday, March 19, 2014

The FAKE iOS "Tor Browser":
Delete Now


UPDATE! [2014-03-21 @~12:40 AM ET]: According to The Register, Apple has at last pulled the FAKE 'Tor Browser' from the App Store. Hurray. If you haven't deleted it from your iOS devices, please do so immediately.

Tor Project claims 'fake' Tor Browser sat in iOS App Store for months
Team Onion raises a stink over shady app which Apple ignored – until this afternoon
As of 1545 Pacific Time, the miscreant app is no longer available through a direct link and does not appear in search results. Earlier in the day, however, both direct links and search results brought up the Tor Browser application in question. 
As we have come to expect, Apple did not respond to a request for comment on the matter.
~ ~ ~ ~ ~ ~ ~

Original Article:

Dan Goodin @ArsTechnica today posted a revelational article about a FAKE "Tor Browser" that was snuck past Apple's App Store vetting system. If claims prove to be true, this is profoundly bad and discouraging.

Fake Tor browser for iOS laced with adware, spyware, members warn
Title available since November raises questions about App Store vetting process.
"Tor Browser in the Apple App Store is fake," a report ticket published two months ago on the Tor website by high-ranking volunteer Phobos stated. "It's full of adware and spyware. Two users have called to complain. We should have it removed."
The ticket went on to say that Tor officials notified Apple of the fake Tor Browser app app in December. In the intervening time, the app has remained available, touching off a series of exchanges among Tor members about how to respond. Ars was unable to confirm the claims of adware or spyware. Still, the incident highlights the lack of transparency in the way that Apple vets the reliability of security apps and responds to complaints of rogue titles.
. . . 
Early Wednesday [today], some two months later, yet another Tor member wrote: "I think naming and shaming is now in order. Apple has been putting users at risk for months now." 
. . . 
This article will be updated if Apple officials, who are routinely silent on such matters, respond to our request for comment. 
I'll be keeping track of the situation. Apple's stumbling and bumbling regarding security has been a real bummer this winter. Pestering Apple in public has proven to be the best method of getting them to shape up and get serious. Consider this my bit of naming and shaming.

Wake up Apple! Please.


No comments:

Post a Comment