Fake Alexa Setup App in Apple Store Removed After Climbing Charts
A fake Amazon Alexa Setup App made it to a top 10 place under the Utilities apps in Apple’s iOS App Store. Media such as 9to5Mac and Engadget picked up the news on December 27th. By Dec. 28th, the app along with the scam developer was removed from the App Store. However, how popular the app became is what causes concern.
The app was called “Setup for Amazon Alexa,” and was produced by a company called One World Software. It asked users to supply their IP address in addition to the device serial number and a ‘name.’ 9to5Mac pointed out that One World Software also has two other suspicious apps in the App Store: “Marketplace – Buy/Sell” and “Any Font for Instagram.” By 6:17 am on the 27th, 9to5Mac reported that the app was placed at #60 overall in the general “Top Free” apps section, and #6 in the top ten apps under Utilities. VentureBeat reported the app had over 9,400 ratings to date.
One World Software’s privacy policy stated it would collect and use “IP address, browser information, referring/exit pages and URLs, clickstream data … domain names, landing pages, page views, cookie data … mobile device type, mobile device IDs … and location data. In addition to disclosing that the company might track users’ location and movements to “monitor the effectiveness of [its] service[s] and … marketing campaigns.”
The iOS App Store is generally known to be locked up tight – to see a scam app make it past the review process is surprising says 9to5Mac. Most likely what happened is that the influx of post-Christmas Alexa owners searching the store for the Alexa setup app led them to accidentally download the scam app, ultimately propelling the application to rank highly in download charts. One World Software probably knew that a large number of people who were unfamiliar with voice assistants would be searching for the setup mobile application after Christmas, and wanted to capitalize on the influx of new users.
What Your IP Address Provides
Hackers who obtain your IP address can get ahold of some pretty valuable information: your city, state, and ZIP code. This location data can then allow hackers to find out other personal information. If you or someone you know is concerned about the safety of their personal information while online, the best thing to do is hide your true IP address with a VPN (virtual private network). A VPN will provide users with a temporary IP address so that your ISP (internet service provider), government actors, and hackers don’t know who or where you are when you surf the web.
McAfee’s 2019 Predictions Came True in 2018
At the beginning of December McAfee released their 2019 Threats Predictions Report, which, among many other threats, specifies voice assistants on smartphones becoming a target of hackers. Describing phones as a ‘picklock’ that opens a much larger door, McAfee also pointed out that smartphones provide access to voice assistant apps, which can hold personal data ranging from simple alarms to banking information.
Voicebot’s Voice Assistant Consumer Adoption Report 2018 found that voice assistant use is far more prevalent on smartphones than any other device and that one billion devices have access to voice assistant technology. So although this incident was small, short, and over (for those who have uninstalled the app at least), it is an important reminder to continuously monitor threats and that the popularity of voice assistants will increasingly make them a target for hackers.
McAfee Says Smart Speakers Could Become Targets for Sophisticated Malware in 2019
Alexa and Siri Listening – Witlingo’s Brielle Nickoloff Discusses Privacy and Consumer Concerns