updated 09:22 pm EDT, Thu March 20, 2014
Media attention succeeds where developer reports failed
Thanks to media attention, Apple has now pulled an adware- and malware-laced fake "Tor browser" app from the App Store, months after it was first reported to be a fraud. The Tor project team has repeatedly complained about the fake app since December, as it was neither submitted by the team nor in any way official, but only when iOS news sites like this one picked up on the story did Apple take action.
Part of the fake Tor browsing app
It remains unclear how the bogus program got through the review and approval process in the first place, and Apple hasn't commented on the matter or clarified whether it also pulled the developer membership of the author. The Tor project team, who develop open-source code to help shield users' true IP address, apparently received acknowledgement of their initial complaint quickly, but no further action was taken when the fake app developer failed to respond.
The good news is that very few people downloaded it in the first place, reports Ars Technica, and no reports of malicious activity have thus far emerged from the few users who installed it. Nevertheless, one of the App Store's prime advantages over the similarly-sized Google Play app market is that its own App Store requires scrutiny and approval for all apps going into it.
While this is not the first fake app to make it past the review process, its potential to have caused actual harm to users puts a serious dent in Apple's reputation for iOS security, a major advantage over the malware-ridden Android platform. Until the company comments, users can only hope that the incident has sparked a review of security procedures in app approval internally at Apple.