Apple kicked out a pirate streaming app that had been masquerading as a fake vision-testing service for months, the second incident that called into question the review process for the App Store.
The app, called Kimi, landed on the Apple App Store’s eighth spot for free entertainment apps and reached 46 overall for free apps, according to The Verge. However, the app was really a front for a pirated streaming service.
The Verge noticed the app’s description promoting it as “an interesting APP that tests your eyesight” had reviews from users who said, “I downloaded this app to watch Frozen II” and “It’s basically like Netflix.” The app hosted an illegal streaming service complete with movies, television shows, reality series, and recommendations. Users could find popular movies like The Underdogs, Leave The World Behind, and The Florida Project on it.
You didn’t need to participate in an eye screening before accessing them.
Apple removed Kimi from the store after The Verge’s story went live, but it had been available since September. The app violated Apple’s bait-and-switch policy by presenting itself initially as a vision test and then launching as a pirated movie app.
This is the second time a dubious app has launched on the Apple App Store this month. Last week, a fake LastPass app was available in the store. It’s a fake app masquerading as the legit LastPass, a password-storing manager, but it really served as a phishing scheme to nab users’ information. The app was similar to the real LastPass aesthetic in color and branding but dubbed LassPass instead. It got a 5-star rating, although it had four reviews warning it was fake.
The two instances raises concerns about Apple’s app review process as of late. In the case of LassPass, users could have turned over all their valuable data, including passwords and credit card information, thinking they were storing it in a legitimately safe account. The actual app, LastPass, issued a statement along with the fake URL and the correct one so users could verify they were downloading the correct, and safe, app.
Apple has a strong record of verifying and offering legit apps that deliver what they promise, with no strings or illegal freebies included — it’s one of the key selling points of being on iOS. The company uses automated checks and software reviews to verify privacy, security, and content, as well as a manual review. Developers must adhere to a strict set of guidelines to get approved. In 2022, the company rejected nearly 1.7 million app submissions and banned 428,000 developer accounts for not adhering to the guidelines. It removed 24,000 apps for the same bait-and-switch tactic used by Kimi and rejected an additional 153,000 app submissions for violating policy.
Now, companies like LastPass are scouring the store to keep users safe by altering anyone to fake apps misrepresenting themselves as the real thing. LassPass was removed on February 8 for violating Apple’s guidelines on copycat apps.