Imposter app LassPass posing as the popular password manager LastPass has been removed from the App Store one day after the creators of the original app issued a warning against it.
Apple prides itself on keeping the App Store safe by performing numerous safety checks before approving an app and it does seem to have a higher bar for security than its immediate competitor. That doesn’t mean it’s doing a perfect job of keeping the App Store safe, as the latest incident shows.
What makes the oversight feel particularly worrisome though is that LastPass is a service people use to store logins and passwords for various platforms. A fake copycat app designed to trick people into revealing their master password could give the bad actors behind it access to every or most apps a person uses.
The app in question, LassPass, not only had a name resembling the original app but also copied LastPass’ branding and interface.
There were some telltale signs that it was a fake that many users were quick to notice, such as misspellings and a different publisher. It also had only one rating, whereas the legitimate app has more than 52 thousand. All of the reviews for it also noted that it was a deceptive app.
LastPass created a blog post on February 7 to warn its users against the app and it was kicked out from the App Store on February 8. It had been on the platform since January 21, according to analytics platform Appfigures, reports TechCrunch.
It’s not known how many people fell for the app, but it can be assumed that it failed to attract a significant number of downloads, as it never made it to any of Apple’s Top Charts.
If you have LassPass on your iPhone, not only should you delete it, but also change your LastPass password.