Despite complaints, Apple hasn’t yet removed an obviously fake app pretending to be RockAuto
Appleās App Store isnāt always as trustworthy as the company claims. The latest example comes from RockAuto, an auto parts dealer popular with home mechanics and other DIYers, which is upset that a fake app masquerading as its official app has not been removed from the App Store, despite numerous complaints to Apple.
RockAuto co-founder and president Jim Taylor was first alerted to the situation when customers began complaining about āannoying adsā in its app ā something he said āsurprised us since we donāt have an app.ā
āWe discovered someone placed an app in the Apple App Store using our logo and company information ā but with the misspellings and clumsy graphics typical of phishing schemes,ā he told TechCrunch.
On closer inspection, the fake app doesnāt look very legit, but itās easy to see how someone could be fooled. Its App Store images show a photo of a truck with the word āHeadingā across the image as if a template was hastily used and the work was unfinished. In addition, despite being titled āRockAutoā on the App Store, the app refers to itself as āRackAutoā throughout its App Store description.
Whatās more, it promises customers that āYour privacy is a top priorityā and that āall your data is securely stored and encrypted, giving you peace of mind.ā Thatās not likely, given the nature of this app.
The issue is not only concerning because of the appās ability to fool at least some portion of RockAutoās customers but also because it undermines Appleās messaging about how the App Store is a trusted and secure marketplace ā which is why it demands a cut of developersā in-app purchase transactions. The tech giant has been fighting back against regulations like the EUās Digital Markets Act (DMA), by claiming these laws would compromise customer safety and privacy. Apple believes that customers will be at risk if they conduct business outside its App Store with unknown parties. But, as these cases show, bad actors can too easily infiltrate its own app marketplace as well.
Apple has so far ignored RockAutoās requests to remove the fake app, which were all sent through proper channels, according to documentation the company shared with TechCrunch.
While searching for a solution to this problem, RockAuto came across our coverage of a similar situation with LastPass. The password manager was also the victim of a similar scheme when a fake app pretending to be LastPass was live on the App Store for weeks. LastPass eventually had to warn its customers publicly in a blog post, as Apple had not yet taken the fake app down until after the press coverage and LastPassās own post went live.
Apple didnāt respond to requests for comment at the time. The company wasnāt immediately available for requests for comment about RockAutoās complaint either.
Taylor says that RockAutoās Customer Service manager initially reached out to Apple to resolve the situation. When he didnāt get a response, Taylor got involved.
āItās mostly one-way since the only replies weāve had from Apple are āyou shouldnāt have emailed, go use the online formā and āupload screen prints of the app store listing and your trademark registration,’ā Taylor explains, both of which RockAuto had already done, its documentation indicates.
āNeither the uploaded documents nor the online form submissions produced any response at all,ā Taylor noted, ānot even the promised ācase number in 24 hoursā despite multiple submissions,ā he said.
Since filing the complaint on April 18, 2024, RockAuto has shared its trademark registration with Apple, emailed the company, called the number provided on Appleās copyright infringement page, sent a DMCA Takedown request and filled out Appleās required forms.
It has not received anything other than automated responses and the fake app remains live as of the time of publication.