TechRadar
Sead Fadilpašić

This expert thinks he has found some major security flaws with the MacOS app store

Mac App Store users are at risk of fraud, as scammers find a way to trick the platform into accepting fake apps, an expert has warned.

The fake apps, pretending to replace some of the world’s most popular productivity solutions, are offered for sale on the repository, according to a report by security researcher Alex Kleber.

In his analysis, Kleber claims to have spotted five active Mac App Store accounts, all owned by a single actor, and all distributing fake apps.

False pretenses

These accounts offer apps such as “Work for Google Docs and Drive”, “Calendar for Google Calendar”, “Switcher for Chrome or Safari”, “PDF Editor for Adobe Acrobat”, and similar, all of which look as if they’re coming from official Google or Adobe profiles. The scammers even used original Google and Adobe icons for their apps, in order to boost their apparent legitimacy.

Kleber says he has been tracking the fraudster for years, and even reported them to Apple back in 2022, when the company removed seven of their accounts.

“Despite this, the developer managed to return and continue the same activities, spamming multiple developer accounts and using the same techniques to scam MacOS App Store users,” he said. Apparently, they are using multiple accounts to minimize the chances of all of the fraudulent apps being removed in one fell swoop.

“Techniques are employed to deceive users into purchasing applications under the false pretense that they are the original ones,” Kleber concluded. Some of the apps are designed so that they can’t even be closed unless the user purchases a subscription.

Briefly discussing how it’s even possible for such apps to make it into the repository, the researcher said the campaign demonstrates “how easy it can be to bypass the Apple Review team.”

TechRadar Pro has reached out to Apple for comments and will update the article when we hear back.
