
Apple let a movie piracy app reach #2 in Entertainment in the U.S. App Store


On Tuesday, May 12, a researcher named Kedsayahm noticed that an app that featured pirated TV shows and movies was quickly climbing the charts in the App Store. The app was already #1 in the Entertainment category in Egypt at the time, and in the top 10 for Entertainment in at least three other countries: Saudi Arabia, Italy, and Germany. It was also #21 in the Entertainment category in the United States, and #170 in Top Free in the U.S.

To prove that the app could be used for piracy, Kedsayahm created a screen recording demonstrating that, upon launching the app for the first time, it took just over 20 seconds to find and start watching the first episode of House of the Dragon, HBO’s Game of Thrones spinoff. (The show can only be watched legally in the U.S. with a subscription to HBO’s Max streaming service.) Other pirated shows were visible in the screen recording, such as the Disney+ exclusive Star Wars series Obi-Wan Kenobi, and the Netflix-exclusive series Monster: The Jeffrey Dahmer Story.

The next day, on May 13, the researcher posted an update that the app had reached #9 in Entertainment in the U.S., and was #75 in Top Free in the U.S.

“No reaction from Apple,” Kedsayahm commented.

By May 14, the app had reached astounding highs: #2 in the Entertainment category in the U.S., and #18 in the overall Top Free list in the U.S., in the iOS App Store. This is especially surprising considering that the app’s name, tagline, icon, and screenshots were all in Arabic—even in the English-language U.S. App Store.

Apple may have directly profited from piracy

It’s unclear how the app got past Apple’s approval process (and human review) in the first place. It’s also shocking how quickly the app rose to popularity worldwide.

But another concerning aspect of the story is that the app included in-app purchases: $5.99 to supposedly remove ads (no ads were visible in the researcher’s screen recording), and 99¢ to “tip” the developer. Given that Apple takes either a 15% or 30% cut of in-app purchase revenue, the app’s popularity implies that Apple may have directly profited from this piracy app.

In the afternoon of May 14, within a few hours after I posted on social media about the record-high U.S. rankings, Apple finally removed the app from the App Store.

Also, yet another fake cryptocurrency app: PancakeSwap

Also last week, there was yet another fake cryptocurrency app in the App Store. It seems to have first been reported on publicly on May 11, a day before the piracy app was called out. This app used the logo and name of PancakeSwap, a decentralized finance (DeFi) site that doesn’t have an official app. According to a report, the app attempted to defraud victims by tricking them into connecting their cryptocurrency wallets and giving up their seed phrases; doing so would give the scammers the ability to steal from the connected wallets. Apple finally removed the app, apparently about four days after the first public reports about it emerged. (This is at least the third time a fake PancakeSwap app has been approved in the App Store; the next most recent was reported publicly on February 28.)

Does this sound somewhat familiar? If you’re a regular reader of this blog, you may recall that just last month we wrote about two other supposed finance apps that called themselves Curve Finance and Rabby Wallet. Again, neither of these companies had an App Store app (although, ironically, Rabby Wallet had an official app that was still awaiting Apple’s review, while the scam app got approved). The fake Rabby app reportedly stole over $100K of cryptocurrency from victims.

What does this tell us about the reliability of Apple’s app review process?

Time and time again, Apple’s review team approves fraudulent apps that mimic (or in some cases directly steal) the logos and names of real developers. Just this year, we’ve previously written about a fake LastPass Password Manager and fake Curve Finance and Rabby Wallet apps.

To our knowledge, Apple has, so far, not faced any lawsuits or any significant consequences for allowing such apps into the App Store.

So much for Apple’s supposedly safe and secure “walled garden.”

The EU’s new Digital Markets Act allows for third-party app marketplaces (app stores) on iPhones in EU countries. Apple would like us to believe that this law imperils the safety and security of its iOS platform. But, arguably, third-party stores could theoretically be safer than Apple’s. Apple will still require apps distributed through third-party stores to undergo a “human review,” presumably of similar caliber to the current App Store human review process. However, third-party app stores will presumably do their own vetting aside from Apple’s, meaning you may get an extra set of eyes scrutinizing an app before it’s made available to the public. But this potential for slightly better safety from third-party app marketplaces is only theoretical for now; we’ll have to see what track record third-party stores end up having as they become more commonplace in the EU.

Apple has a major problem over-approving apps

In case it isn’t clear by now, Apple has a serious problem approving apps that are potentially dangerous and may violate laws. Given the highly sensitive information that people put into finance-related apps and password managers, Apple has a moral obligation to more carefully review sensitive categories of apps in the App Store, at minimum.

But as we’ve seen with the piracy app, Apple has a much more general problem with not carefully reviewing apps, sensitive categories aside. While this piracy app may or may not have caused direct harm to those who downloaded it, the fact that it could slip past Apple’s review process leaves one to wonder how often potentially harmful apps get approved, and how many of them may still be out there.

Bottom line: be careful whenever you download apps—even from the official Apple App Store.

Unless Apple begins to face significant public pressure to improve its practices, it doesn’t seem very likely that Apple will change. We urge responsible mainstream and tech journalists to join with us in drawing attention to Apple’s consistently bad behavior.

What should I do if I’ve downloaded a fake or unethical app?

If you installed a piracy or scam app by mistake, be sure to uninstall the app from your device. On an iPhone, iPad, or iPod touch, press and hold on an empty area of the Home Screen until the apps start to wiggle, then tap the ⊖ (circled minus symbol) in the top-left corner of the app icon. (Learn more about uninstalling apps on an iPhone or iPad.)

Some apps designed for iOS or iPadOS can also run on other Apple platforms. If you installed an unethical app on your Mac, you can drag it from the Applications folder to the Trash, as with other apps from the Mac App Store.

To uninstall an app on Apple Vision Pro, pinch and hold on it, and then tap Remove App. (Yes, at least one of the apps mentioned above, the fake LastPass app, could indeed run on Apple Vision Pro.)

If you made a purchase related to an unethical app, follow Apple’s procedure to request a refund.

How can I keep my Mac safe from malware?

Intego VirusBarrier X9, included with Intego’s Mac Premium Bundle X9, is a powerful solution designed to protect against, detect, and eliminate Mac malware and potentially unwanted apps (PUA).

If you believe your Mac may be infected, or to prevent future infections, it’s best to use antivirus software from a trusted Mac developer. VirusBarrier is award-winning antivirus software, designed by Mac security experts, that includes real-time protection. It runs natively on both Intel- and Apple silicon-based Macs, and it’s compatible with Apple’s current Mac operating system, macOS Sonoma.

One of VirusBarrier’s unique features is that it can scan for malicious files on an iPhone, iPad, or iPod touch in user-accessible areas of the device. To get started, just attach your iOS or iPadOS device to your Mac via a USB cable and open VirusBarrier.

If you use a Windows PC, Intego Antivirus for Windows can keep your computer protected from malware.

How can I learn more?

Be sure to also check out our past articles about malware and PUA, including our articles specifically about iOS malware and PUA, and our 2024 Apple malware forecast.

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels.

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which is often featured by major news outlets worldwide. Look for more of Josh's articles at security.thejoshmeister.com and follow him on X/Twitter, LinkedIn, and Mastodon.