RockAuto’s Struggle with a Fake App on Apple’s App Store
The Surprising Discovery
The trustworthiness of Apple’s App Store has come under scrutiny once again. This time, the issue revolves around RockAuto, a well-known auto parts retailer favored by DIY enthusiasts and home mechanics. The company was caught off guard when customers started complaining about intrusive ads in its app, as RockAuto co-founder and president Jim Taylor explained to The Zero Byte:
We discovered someone placed an app in the Apple App Store using our logo and company information — but with the misspellings and clumsy graphics typical of phishing schemes.
The Imposter App
Fake RockAuto app on the App Store. Image Credits: Apple (screen capture by The Zero Byte)
Upon closer examination, the counterfeit app appears suspicious, but it’s understandable how some users could be misled. The app’s images on the App Store depict a truck with the word “Heading” overlaid, as if a template was used hastily and left unfinished. Furthermore, despite being titled “RockAuto” on the App Store, the app inconsistently refers to itself as “RackAuto” throughout its description.
Undermining Apple’s Messaging
This issue raises concerns not only because of the app’s potential to deceive RockAuto’s customers but also because it undermines Apple’s claims about the App Store being a secure and trusted marketplace. Apple has been resisting regulations like the EU’s Digital Markets Act (DMA), arguing that such laws would jeopardize customer safety and privacy. However, cases like this demonstrate that malicious actors can infiltrate Apple’s app marketplace as well.
Image Credits: Fake RockAuto app on the App Store. Image Credits: Apple (screen capture by The Zero Byte)
Apple’s Lack of Response
Despite RockAuto’s repeated attempts to have the fake app removed through proper channels, Apple has thus far disregarded their requests. RockAuto’s situation is reminiscent of a similar incident involving LastPass, where a counterfeit app posing as the password manager remained on the App Store for weeks until press coverage and a public warning from LastPass prompted its removal.
RockAuto’s Efforts to Resolve the Issue
Since filing the complaint on April 18, 2024, RockAuto has taken various steps to address the problem, including sharing its trademark registration with Apple, emailing the company, calling the number provided on Apple’s copyright infringement page, sending a DMCA Takedown request, and completing Apple’s required forms. However, they have only received automated responses, and the fake app remains live at the time of publication.
3 Comments
Looks like the “walled garden” has some weeds, doesn’t it?
So much for the “most secure platform,” huh?
Seems the “innovative” orchard is letting some pests in, doesn’t it?