Scammed by the top result for 'Bitcoin wallet' in Apple App Store
242 points by habeanf 11 months ago | 150 comments
Earlier today I decided to switch my Android for an iPhone. After moving all my apps I decided to make the jump and move my bitcoin from the android wallet. I searched for 'bitcoin wallet' on the Apple App Store, installed the first app I saw (as far as I could tell, looks legit), transferred bitcoin, and it immediately got sent off. Turns out this app was previously reported at least 12 days ago as a scam ( https://www.reddit.com/r/Bitcoin/comments/1b3q5wr/fake_wallet_on_apple_app_store/ ) but it's still up there, #1 search result.

I get that I've failed to vet the app but honestly, how does a scam app become the #1 organic search result (not promoted) in the app store, topping binance, blockchain.com, and coinbase?

EDIT: linking to a screen recording that includes this post and comments of no repro:

Before removing the app - https://streamable.com/q2mulu

After removing the app - https://streamable.com/y5nhy7




I don't think I've ever searched for something on the app store and not got a scam as the first result

just tried it

    - my bank? I get crypto.com
    - train company app? knockoff app that charges extra fees
    - my broker? CFD gambling app
    - official government app for paying my tax? intuit product
I dare to think how many people this lures in

scammy ads plastered everywhere is what I'd expect from Google products

not for the Apple equivalent that commands a significant price premium


> scammy ads plastered everywhere is what I'd expect from Google products

This won’t fit with the manufactured popular understanding, but at the current time, Google protects you from fraud and scam better than anyone.

I have been unfortunate enough to be scammed recently from a bing search result (ad). (It was a new computer and I decided to use Edge and bing was the default search).

Apple, Microsoft etc. are rookies in this game. Google just has the benefit of experience and hence is much safer now than anyone can ever become in the near future. Because of this, scammers are much more likely to target other platforms… which happen to be Apple, Bing, Facebook etc.


This is true. Btw, the macOS app store is also full of products that you really shouldn't use, and most of the software you really should use has alternate ways to buy it: go through their website and get something you can install. Microsoft Office, JetBrains IDEs and Adobe products all will install and update without you having to go through the macOS Appstore.


Doesn't Apple's current dispute with the EU hinge on the argument by Apple that keeping their App Store locked down protects customers from scams?


I don't remember, but the macOS apps distributed without the Appstore also require all the Apple dev dance of signing, notarization and paid developer account and all...


> Google protects you from fraud and scam better than anyone

I have to disagree. Czech Youtube is currently full of scam ads with photos (and sometimes even bad deepfakes) of Czech president and other public figures, supposedly endorsing some investment product that yields you like 50% profit. I keep reporting these, and I know some people who do too, but ~80% of those reports get handled as "we determined no violation of our rules".


How related is a youtube video in Czech showing up in your preferred videos with Apple store's first search being a scam?


I was replying to the claim that Google is good at protecting from scams.

Also, it's not in my "preferred videos", they are paid ads, and they appear to many people, maybe it wasn't so clear from my comment


where can I see one of these fakes?


Google is also kind of shit at this. To be safer, it's advised to block web ads so that the sometimes scammy first result is hidden in the search results.


I almost got drained today by accidentally connecting my wallet to the first sponsored Google result for 1inch. Maybe not that good?


On the contrary, as someone who has worked with both platforms as a developer, this is my personal opinion:

- Around a lot of things software, including the Play Store, Google’s safety and security, for all its ads, tracking and shenanigans, are real, largely verifiable, discussed openly, and pretty fucking robust (not to mention, most of it is actually open).

- Apple’s? Smoke and mirrors! Essentially some vague shit which often ludicrously boils down to Safest Shit Ever On an iPhone™ (and doesn’t go further than that) and never discussed or even offered a glimpse of.


[flagged]


iOS exploits are worth the same as Android ones.


An iPhone user is typically from a rich country, like US or Japan, an Android user is typically from India or China. Here's 10x wealth difference.

Add to this the fact that iPhone users are dumber and more prone to exploits, so of course hackers would rather focus on the App Store.


Be that as it may, many security firms actually value Android zero-days above iOS ones: https://zerodium.com/program.html


Hilarious. I don't think I have ever seen or gotten a scam app (not including games, which I don't use) as the top result on Google Play.

In fact, I just used all your searches on Google play and got

- my bank

- the train company app

- my broker

- hmrc

The next 4 or 5 in each case were also legit. Maybe this is really something to be aware of if switching to apple? Certainly would not have been something I would have been expecting from apple (though I am pretty careful about vetting apps).


I think the poster here meant an ad over the search results rather than the actual first result. The ads have a different highlight and a badge that says "ad" ... I just tried the same categories and all of the top results were the official app. The next few were mostly apps from the same developer as well. I don't know that I would call ads that are clearly labeled as ads a "scam" even if they are unwanted


I am still surprised that when I search for a specific app (as you did for your bank) I still see junk ads before the real app shows up. Apple should be better than that. They seem to have the same bad incentive Google search does.

What is CFD gambling? When I read “CFD” I always think of computational fluid dynamics and so “CFD gambling” sounds pretty cool to me. Obviously I do know I’m just overfitting to a TLA and I’d like to know what it actually means.


Probably “contract for difference”: https://en.wikipedia.org/wiki/Contract_for_difference


> Apple should be better than that.

Everyone should be better than that, but as far as Apple specifically, they're really no better than any other hypermegacorp. Apple's a company, it doesn't give a damn about you, it only gives a damn about enriching its owners.


It really does undermine the legitimacy of their claims that they should be the only source of apps, for safety reasons, of course. That reason alone is why they "should be better"; it would serve to legitimize their dogma.


Yeah, I consider it short sighted.


Apple built up a really strong brand by not doing this kind of thing for a while. They get to charge twice as much money for half as much performance because they made sure their products felt nice and intuitive to use. Now they’re willing to destroy the most valuable brand in the world to make crypto money? It makes absolutely no sense, even accounting for greed.

Also, I’m sure this kind of thing hurts their prospects in antitrust cases (like in the EU)


> Apple … get to charge twice as much money for half as much performance…

Has this ever really been the case?


Maybe I should say half as much hardware. Performance is too subjective. But nobody else can charge $800 for an extra 64g of ram. My point is their thoughtfulness about their ecosystem is what allows them to de-commodify their hardware. There’s a price for RAM, and a price for RAM in an Apple computer.


I don't know the current status, but iOS's design meant apps at least used to be _far_ more efficient than the equivalent Android, and thus Apple could ship lower end hardware to deliver the same or better performance to the end user. That was a measurable fact, thus objective.

The same is still somewhat true for macOS where for the average web browsing user, macOS + Safari needs less memory than you would need on Windows. This is also a fact, but it doesn't help power users.


I regressively searched for the app advertised in the previous search. At around depth twelve, a search for “four” gave both an ad and top result of an app named “Four”.

If you’re curious, Four’s description is “Shop Now, Pay Later.”


contract for difference

in this case: extremely short term highly leveraged bets


This guy's the least risk-averse trader on the Internet! (I know, probably not, but it's funnier this way)


In hindsight, this is quite obvious. Coming from years of using Google Pixels I just got used to trusting the search results. I've never hit a fraudulent app when searching in the Play Store. I trusted apple that at least the top 5 results would be legit. EDIT: added the word 'top' at the end


When I first got an iPhone a few years back, this is the thing that shocked me most. This is completely out of line with what I expect from Apple. I don’t have "scams" per se, but the first result when searching for a keyword is systematically an ad for a competitor:

- Spotify -> Deezer

- Uber -> Heetch

- UberEats -> Deliveroo

- Deliveroo -> Ubereats

- My bank -> crypto.com

I have no idea why Apple allows buying trademarks/full app names as an ad keyword. Perfect matches should always have the app first, not an ad.

Is there something in the AppStore rules that prevents apps from buying the keyword ad for their own app?


> I have no idea why Apple allows buying trademarks/full app names as an ad keyword.

Because unlike a regular search query, app store searches tend to be for app names, which are unique. Advertisers won't be interested unless bidding on brand names were allowed.


Especially given they use enhanced security as an excuse so often


Special mention, the f***ton of Whatsapp clients on the iPad when Whatsapp didn't have any releases for the iPadOS up until last September.


This has been a very noticeable problem to me for some time.

I won't search the App Store anymore. I go to the web site for the app I want and get the App Store link that way.

I wish the App Store listings would specify the domain of the entity they come from in plain text, backed by a validation method similar to what we do for TLS certs.


Can you share some search terms you tried? I never had this problem, but I’m also not in the US so it might be different here


Pretty much every brand or app I search for finds a competitor first. Searching for "robinhood" turns up an unaffiliated cryptocurrency app and "macrofactor" turns up a competing diet app, etc. App store search has been broken for at least a few years.


> "Pretty much every brand or app I search for finds a competitor first."

You're going to hate Amazon.com.


Amazon is known to be a flea market though. Apple is supposed to be the Nordstrom of this sector.


Do you mean ads or organic results?

Apple should remove App Store search ads altogether (I'm sure they won't). By definition they won't give you the app you searched for, because the keyword will be bought by a competitor or even a scam.


If Apple is making money from showing incorrect search results, isn’t that worse?


What if you're searching for "bank" or "flashlight" or "map"?


Do you mean the ad at the top? For me, the first result is always an ad which is mostly not the right result, and the second entry (the first actual result) is the right app.


I don't recognize this picture at all. Even if you aren't distinguishing between ads and search results I'm not seeing scams as adverts but there may be a difference between the UK and US app stores in this respect perhaps.

For me on apple UK app store:

my bank - Ad: another legit bank. First result: my bank

Train company - Ad: a generic legit train booking app. First result: the train company

My broker - Ad: another broker. First result: my broker

Official government app for paying my tax - ad: a general tax app. First result: government app.

It stands to reason that they won't show an ad for the thing you're searching when it's the first organic result so I don't find this surprising.

[1] I have two and tried both. Results were the same with a different legit bank as the ad each time.


At what point do we recognize marketing as a sociological disease?


The point where we admit that HN is the patient.

A longtime HN commenter just switched to iOS? Seriously?


Do you mean the search result or the ad that pops in at the first space? For me all those have good results but all contain ads for more or less unrelated apps

I would also expect products with premium pricing to not contain ads.


> my broker? CFD gambling app

I don't think 'gambling app' is a fair description given it's a regulated security, any broker that truly offers CFD trading is (1) going to be legit; (2) going to be competing with the broker you were searching for for result space.

Of course to serve its users any app store should massively prioritise the word/brand (incl. typos) you actually search for though.


Casino gambling is also regulated, there being some degree of oversight doesn't make it not gambling.


Sure. This is a financial instrument used by industry professionals though, not just an 'app'.

You can (and some people do) call buying shares 'gambling' too, at some point it just comes down to what our definitions are and it's not very interesting.


There are professional gamblers (pro poker?). I think I understand the spirit of what you're trying to say, but CFDs are absolutely a gamble, like most investing. It just doesn't have the same stink of "casino gambling," it's a fresh cut, cologne wearing, suited up form of gambling.


> absolutely a gamble, like most investing

Yeah well like I said, definitions. If most investing is gambling then sure, I just don't find that useful.

Anyway the initial comment I was responding to was 'looking for my broker but got CFDs'; my point was they got a different broker. It's still a bad search result, but it's not a weird scam, it's just a competitor. It's not the same as looking for my bank but got crypto exchange at all.


gambling (noun): the practice or activity of betting : the practice of risking money or other stakes in a game or bet

This is the actual dictionary definition of how I would describe investing to someone who'd never heard of it. Investing money is gambling. It's not a bad word or something to be ashamed of, and I'm not trying to be a pedant (I say as I type a long comment starting with a dictionary definition), I just think it's important to recognize & remember at all times so you don't lose everything.

I get what you mean about the broker app. App store searches are bullshit.


> any broker that truly offers CFD trading is (1) going to be legit;

Er, no. "Contracts for Difference" are the new binary options.


https://www.fca.org.uk/publications/policy-statements/ps19-1...

They're in the category that, while they theoretically can be used by skilled investors, anyone offering them to retail punters is up to no good. Because those punters are going to lose money to them hand over fist.


I'm not sure if you're writing from the UK or US, but while the latter has a more stringent 'Accredited Investor' qualification (skilled or wealthy, applied and granted) - and actually flat out doesn't allow CFDs anyway (options are much more common & are retail available) - in the UK this just amounts to a KYC type form where you tick that you understand the risks; they also have to tell you (I assume, because they all do) the percentage of customers that lose money trading them on that platform (typically ~75% from what I've seen).

But they're not 'up to no good', you may not like it, but this is allowed and fully above board. If you search 'HL' and get 'Trading212: shares & CFDs' that's a bad search result, but it's not a scam, they genuinely and legitimately offer that, and compete with HL (which doesn't offer CFDs except through some kind of tie-up with IG).


> I don't think I've ever searched for something on the app store and not got a scam as the first result

It’s cool to crap on Apple and all these days but this is all categorically false. What you are referring to is the Ad on the top of the page. It’s clearly labeled as ad and has a light blue box around the whole ad.

I tried all those things you mentioned and the first result after the clearly labeled ad is what I searched for.


Then what are the ads for? How do they benefit users?


TFA is talking about a literal scam, where his money vanished.

> - my bank? I get crypto.com

Although crypto.com is not a bank, they seem like a legit business and not a scam. Many people are using crypto.com: I know one person who has one such card, and I asked a waiter if he had already seen cards like that (waiters get to see many credit/debit cards a day) and he answered me that they weren't that uncommon.

> - official government app for paying my tax? intuit product

They may be using shady tactics but they are not a scam.


crypto.com 1) is cryptocurrency bs and 2) buys ads on keywords which leads them to appear on searches for specific banks, smells like a scam to me


Apple statement on why the EU requiring open app stores is bad:

Schiller, an Apple veteran who once ran its marketing machine, said the moves to break the company’s closed ecosystem for software will undermine the privacy and security the company has worked to build into its products and services. “This isn’t our first choice,” he said. “We always want to have the highest standard everywhere in the world but we also have the requirement to meet the legal requirements in the local markets. “In the App Store we have a lot of signals that we are looking for every day to find scams and stop them,” Schiller said. “With these new marketplaces we won’t have visibility into those issues.”

Right.


Also from Schiller.. the open web is a direct threat to our cash cow.

https://files.mastodon.social/media_attachments/files/111/95...


The company that claims to have "the highest standard everywhere in the world" for security and privacy, happens to run a major desktop platform (macOS) with only a primitive basic signature-based antivirus built-in. Instead they rely on Gatekeeper/notarization for the bulk of the protection, which is a pain for devs (when it doesn't work right) and less effective.

Same is now happening with iOS sideloading, instead of robust antimalware based on heuristics and app behavior (like Google Play Protect), they'll keep relying on blunt instruments like notarization. Doubt it'll keep users safer. Maybe it's NIH syndrome?


I thought the Apple platform had the best consumer experience and that's why folk love it -- it "just works" -- cause they keep the riff-raff out of their gated community.

Perhaps they let this one slip through because their team was too busy dragging out the review process for our cannabis compliance application, they can only afford so many reviewers after all. We wouldn't want children accidentally getting their hands on regulatory compliance data for deadly deadly cannabis. (which could happen with our application, after they had signed up and verified their agency cannabis license (which only takes many months/years and $$$$$s to get))


Apple's App Store is way worse than the Google Play Store. I was shocked at how bad the App Store is with shitty ads and promoted content over organic search results


And yet, the top result for "Bitcoin wallet" on the Play Store isn't a scam. And it's definitely not a scam on F-Droid, where I would personally look for a Bitcoin wallet.


You do you. I'd not use a phone for a Bitcoin wallet.


fwiw i hope yall get approved. thank you & take care.


It did - before cheapo enshittification started creeping in. I believe some time ago I saw some research on the quality of App Store app review process … zero protection.

But, even at this stage, Apple is still “the best”, because of the slower pace of the corruption and in comparison to the toxic dumpster fire of the alternatives.

Android and Windows are spyware/malware masquerading as OSs.


This is incorrect unless you're shifting topics to whether we trust MS, Apple, or Google's data collection more.


Or, we can say that all of them are dumpster fires, even if Apple is maybe the best of the shitty app stores.

On Apple though, you don't have anything other than the App Store. That's something to consider. On Android, you have the chance to install F-Droid for example.


I am in India and I can see the app on top spot (marked as Ad) when I search for Bitcoin Wallet.

My theory is, they paid for an Ad in a specific region and hence it started showing on top, people started downloading in that region, and that boosted the overall ranking for that app and hence people from other regions are seeing it among top results, even though it's not an Ad there. Irrespective of the rating or freshness of the app, since it is getting downloaded in one region (because it is an Ad there), automatically it goes to the top in other regions.

This trick can be used by other apps also, considering it would be cheaper to buy the top Ad spot in India and then it organically rises to the top.


and in this scenario, Apple has no incentive to stamp this out as they make money either way.


Promoted results in Google are loaded with scams. According to one recent report, 75% of brands are affected (https://searchengineland.com/google-search-ads-brands-fraud-...):

The researchers who conducted the report found that retail giants such as Amazon, American Airlines, Lego, Pizza Hut, and Samsung were all victims of identity fraud within Google Search Ads.

Here's a Google SERP for "Facebook" which shows Facebook as the URL, redirects to an Apple security scam: https://youtube.com/shorts/gTEuqXYAp58?si=lzFV9mfX31_8nzd1

Google even vouches for the advertiser:

https://twitter.com/leanmediaorg/status/1724467969344905534/...


That’s insane, and newsworthy. Imagine non-techies just trying to go about their day and getting that.

But hold on a sec. Is this verified by others? The guy in the video cuts to a screenshot, which doesn’t show the resulting url or how he got there, so it’s hard to tell what happened.


Two versions of the video. This one shows the click: https://youtube.com/shorts/dXZQMkPJkXg?si=hsL8fUirHZj3DMG5


That's still a jump cut, it only pretends to show the click. Dodgy


even if it did show the click it's easy enough to edit the page in devtools to go wherever you want


This is about app stores, not web searches. Google Play Store does not suffer from this issue to the same degree at all.


>Google even vouches for the advertiser

Google vouches that the advertiser is who he says he is. Google is not vouching for the reputation of the advertiser.


It wasn't a promoted result, it's an organic search result, and it's still there!


> does a scam app become the #1 organic search result (not promoted) in the app store

It's possible that it's just because it was literally called "Bitcoin Wallet", an exact match for your search, or boosted by fake reviews, or it was actually an ad that you didn't notice. Though it shouldn't have gotten past review at all

But I don't really understand why you'd blindly trust some random app?

Also, would be interesting to take a look at the app, sadly know nothing about ios apps or how to get the IPA, only android.


You're right, I shouldn't trust a random app. Also, it's pretty much my first serious foray into Apple land. I trusted Apple's search results. There are multiple apps, far more mature and backed by serious developers, that would also match the phrase "Bitcoin Wallet".

The question is why is the scam app the #1 organic search result? For a new app with such scammy reviews and questionable metadata I would expect it to be #30 in the list. For context, the app store reports the scam app as #85 in all finance apps.


> The question is why is the scam app the #1 organic search result?

The real answer is that this has been happening for years. You can pay companies to pump up your app to the top of App Store search results or "app categories" lists, and they'll have farms of iPhones/Androids downloading apps to pump up their rank, and giving them 5 star reviews.

There have also been repeated problems with copycat apps that impersonate real indie apps (and sometimes end up earning more than the real app), which should have been a warning sign of the problems of App Review. Google "app store copycat" and you'll see.


> But I don't really understand why you'd blindly trust some random app?

Perhaps because Apple claims their apps go through a review process, and one would hope this would have failed that process? That's what Apple claims the value proposition of their 30% cut and closed platform are.


This short conversation perfectly summarized the reality behind the Apple <> EU spat.


Don't worry, everyone. Apple can now afford to hire some app store reviewers by using the revenue from its new "Core Technology Fee." This fee requires developers to pay Apple €0.50 for every first annual installation exceeding a threshold of 1 million for apps distributed outside the App Store.


But I've been assured that the 30% protection racket Apple charges is justified because they spend so much effort curating their store. I'm assured by Apple's latest press release that the web is full of scams and only they can protect me from it.


It is both impressive and concerning how well their app store optimization efforts worked, for what seems like a major keyword/phrase. These types of shenanigans were usually reserved for the Play Store. No more.

To be fair many crypto wallet apps are deceptively simple applications.


Replying to verify I see the same app almost at the top of search result. Based in Canada and searching “Bitcoin Wallet”, it was the 2nd non-promoted result.

I have only 1 other app of this variety on my phone currently and haven’t used it or searched for anything crypto related including months.


Same for me, second result. I've never had anything crypto-related on my phone.


So much for Apple "security"


Security isn't binary and it should be compared relative to other platforms.


Security measures should be treated as an opportunity cost, and scrutinized when it fails. In this case, the App Store's manual review layer has failed to catch a rudimentary scam. It's becoming a recurring issue on the App Store.




It is very important that common people understand that the Apple App Store is not a way to outsource their own security and blindly install whatever they find on it. Personally I was always convinced that Apple marketing about the security of their App Store, in regard to opening competing sources of app installs, has done a lot of damage to their users for the benefit of their shareholders, and if I was an Apple user I would be pretty upset with them, up to the point where I would be unable to trust them. Whatever the source, you're responsible for your own safety. Don't be a victim of marketing departments.


What was the justification for the app store ecosystem?


To cut Apple in all transactions, and maximize grift by having just scam apps


Steve Jobs saw what Steve Case had with AOL and thought "we need to be doing that".


This is understandably shocking. The way I have chosen bitcoin wallets is searching for trusted brands in the space using Google, and going to their website and then installing the app.


That's actually quite worrisome. I don't really think twice about downloading the top result for things like PayPal or local banking apps if I get a new phone, for example.


Why did you have to transfer bitcoin? Surely you would just load your private key into the app unless I'm missing something.


Honestly, I got lazy, and that's on me. I was using the standard bitcoin wallet app on android. It did seem weird I can't restore the wallet I backed up in the android app, but the android app github doesn't point to an app store app, so I figured there just isn't and the android app's backup format is something detached.

Then I figured a legit apple app could generate a wallet and I could transfer the bitcoin between them. Which is what I did. The apple app indeed received it and promptly sent it off somewhere else. What's even crazier is that the apple app shows this info! You'd expect the scammer to hide the scam but I suppose it just made it easier to pass the app store inspection.


> The apple app indeed received it and promptly sent it off somewhere else. What's even crazier is that the apple app shows this info!

Did you try moving the crypto back to your Android wallet? Sometimes they do move to cold storage, or invest into DeFi schemes. It will be hidden in their T&C.


Guys Apple told me if I gave up all my freedom they would keep me safe.. I don’t feel so good..


Must be region/account specific. I get crypto.com, bitcoin.com and coinbase as the top three results. Nevertheless I agree these should be moderated better and scam apps need to be removed quickly.


Working as intended. Apple has repeatedly rejected an update to an app that we have recently updated because it had a link to our help site which links to our main site which has an option to purchase a subscription. Despite us having published 60 versions successfully until today, that link being there and unchanged the entire time. But this sort of shit, no problem go right on through, sir.


There might be an argument that the app store itself is the scam.

I think there are ~ 3m apps available right now. Apple is the only place (currently) to sell apps, or buy apps. They interpose themselves, and do a poor job of things. How can a buyer make his apps visible? How can a seller find anything?

There should not only be more app stores, there should be markets and communities and personal apps.




I have been scammed before by the top result also. So not only are they taking a 30!!!!!% tax on developers (not only on profit) but they milk ad. money from shysters. Yet you still have the just “use another phone” / don’t release your app with them people. Yeah who? Monopoly B?


When I perform your search, I get legitimate results at the top, and I don't see the specific app from the Reddit thread. But at about rank #7, I see an app that uses a distorted form of the same logo, a different unfamiliar publisher, a slightly altered title and a similar smattering of only a few reviews.

It sounds like somebody is burning developer accounts to keep reposting the scam app. Not unlike people being banned from a website and then resubscribing with a different email or through a VPN or whatever. It slipping through into your results isn't so much plain neglect as it is an arms race that Apple is on the losing side of this time.

Robust algorithmic ranking and moderation at scale is a myth, though, and you can find this happening pretty much everywhere. This one will probably get squashed with some near-term update to their algorithm, and then get compromised again sometime later since crypto is so ripe for scamming.

You can't escape personal due diligence and "it was top ranked!" has never been that.


> You can't escape personal due diligence and "it was top ranked!" has never been that.

Apple continually makes claims that the closed ecosystem is essential to the safety of their customers, that they have a robust review process, and that their customers choose them because of the safety they provide. Apple should stop repeating these claims if they are not, in fact, reliable protection against scams.


Posted above the screen recording: https://streamable.com/y5nhy7

> You can't escape personal due diligence and "it was top ranked!" has never been that.

On one hand that's a fair point and I should've known better. OTOH I think it is legit to trust top app store search results to return quality apps, especially if there is a massive disparity between their quality. The scam app has obvious repetitive spam reviews. The developer's website is terrible and the submit button doesn't even work. This is basic quality control on apple's part. If every single app store user needs to manually vet every single app they install to the proper extent there would be a fraction of a fraction of the installs and respectively, a fraction of a fraction of the revenue.

Consider the extent of lawsuits between apple and companies with app store apps - does it not strike you that apple protects that revenue stream? Wouldn't it make sense to give app store users a sense of trust in the top search results?


> Earlier today I decided to switch my Android for an iPhone.

Mistake #1 : switching to an even more closed computing environment, where the user has strictly no control

> android

Mistake #2 : running on a tech. stack you do not control: closed-source, walled-garden

> wallet

Mistake #3 : using a wallet instead of your own private cold storage to hold any kind of significant amounts of money

> but its still up there, #1 search result.

Mistake #4 : trusting that Apple is making huge efforts to secure their environment.

In the same vein as "not your keys, not your coins" :

    - "trust the vendor, not your coins"
    - "not your hardware, not your coins"
    - "not your operating system, not your coins"
    - "not your key management software, not your coins"
    - "not open source and therefore not auditable, not your coins"


> Mistake #1 : switching to an even more closed computing environment, where the user has strictly no control

I've been with Google Nexus and Pixels for many years, roughly starting with the Nexus One. Ironically, I switched from an iPhone 3GS at the time that I owned for a few months.

After many years of being on windows, then linux, then Mac, then back to linux, now back to Mac with linux on ssh, my conclusion is that user control doesn't necessarily mean a better user experience. A closed computing environment allows for consistency and sturdiness. When you start looking at your phone as a device, rather than as a computer, it becomes obvious.

> Mistake #2 : running on a tech. stack you do not control: closed-source, walled-garden

I don't control android in any way. I could read its source code if I really, really wanted to but why would I? I want a product. A device. Would you read the source code of your washing machine? Dish washer? At some point you want to live your life and stop reading anything and everything as if you actually have enough time to tinker with all of it.

> Mistake #3 : using a wallet instead of your own private cold storage to hold any kind of significant amounts of money

Meh. 'Significant amounts of money' is subjective. Some would say the amount of money I lost would be a life changer, some would shrug it off as a yearly bonus on the lower end of the scale. Fact is, I had my bitcoin on some version of a pixel for roughly 7 years and never had a problem.

> Mistake #4 : trusting that Apple is making huge efforts to secure their environment.

They made a huge effort to secure their hardware; it's some of the best in the world. The thing is they put a ton of focus on hardware security but hardly enough on software / service stuff. In this case, the app store search was compromised by some bots leaving reviews.

Your general theme seems to rely on the idea that having access to open source on all levels leads to more security.

This is patently false. For example, the vast majority of smartphones use baseband processors that are not just closed source with closed source drivers, but the ICs themselves are tightly guarded secrets by their manufacturer (probably Qualcomm). There are probably a dozen or so chips in every smartphone running all sorts of firmware you have no access to. Same goes for computers.

In fact, I would argue that Apple's model might be the most secure, because they do SoC, which requires they know far more about and have much more control over the inner workings of every sub component.


No repro. Same search string gives me the Bitcoin.com and the Coinbase app at the top. Scrolled through several dozen wallet apps and the one in the Reddit link never surfaced.


Here is a screen recording including this Hacker News post + your comment, and a switch to the App Store with the search phrase. The first result is the scam app. I scrolled down so you can see where serious apps are in the list of results. https://streamable.com/q2mulu


[flagged]


How am I supposed to prove I didn't seek the app out? What level of proof do you expect? Do you expect me to create a brand new apple account, replace the one in my phone (which might require wiping it?), and then search again, just to satisfy your default assumption that my claim is false?

When I first installed the app it was the first search result. I can't go back in time and prove it because I'm not paranoid and I don't screenshot the result of every search in every app store and search engine.

I reported it. I'm not trying to rally a mob against Apple. The bitcoin is gone.

I'm trying to prevent others from suffering the same fate as me. Based on what I'm reading in the comments here some other people in the world do trust apple app store search results, and I believe they've gained something from my post.


I also can't replicate your results, but GP is pretty aggressive in a way I don't feel is necessary. Sorry you got scammed out of your crypto, hope it wasn't too bad. I do agree with the sentiment that you should be incredibly vigilant and verify anything you're going to put your money inside of, Bitcoin or otherwise, though. But people in positions and with wallets that are far bigger than you (presumably) have done worse, so don't feel too bad (Ripple CEO losing $112 million worth of XRP, for example).

Edit: Unless that app had a ton of reviews removed recently, I recommend in the future looking at that number. It is crazy that they've gamed it up to #97 in the finance charts according to the app store listing for sure, though the Play store is not immune to this manipulation.


You corroborate with others independently before posting.


If only there was a website I could use to contact other like minded people where they could vote on posts they like and discuss them in comment sections.

Oh, wait


The problem is that you’re framing this as some kind of technical issue that no one else has reproduced. Did you follow any kind of common sense due diligence? How is this any different from blaming Google/Gmail because you fell victim to a phishing/scam email?


Others have reproduced it, see other comments. Perhaps for them the ranking changed slightly, but the fact is a scam app is ranked as high as serious companies.

Gmail / Google are open, the App Store is closed and supposedly vetted and guarded. Apple sells to its customers security, quality, and trust. It’s one of the reasons one pays 2x for an iPhone. All of these promises of a better ecosystem have been broken through this experience.

One of the supposed advantages of the closed App Store is to absolve (to some extent) the user of having to do said due diligence.

Also, it’s not like it’s impossible. Google are doing it well - show me a scam app that’s in the top 10 of the play store for bitcoin, banking, finance etc. Hardly any to be found.


I just took a screenshot of the app store about an hour ago: https://pasteboard.co/bZ7qQvAzYggy.png


Yeah, at the top because you already have it downloaded


Fair enough. I removed it and recorded the screen again: https://streamable.com/y5nhy7


AppStore is a fucking desert, no legit apps or games. Their only purpose is to trick people into recurring payments ($10/week for a Minecraft skin anyone?) or ask very high prices for addons.

It's a tragedy for parents who look for games for their kids, 99% scam. That's why Apple Arcade even exists. You can't find any legit games in the normal range $1-$20 one time payment and all features enabled.

To me this shows Apple is past its good phase and deep into the dark phase, where their only purpose is to milk present users of all their worth. Enshittification for profit.


And this is why bitcoin is a worthless pyramid scheme. People have kind of stopped arguing it has any value now but back when they used to pretend it was a currency they acted like it’s something people would use.

Who would ever use a currency that can just be stolen like this? No way of getting anything back. No security. Slower than a bank transfer now.


At this point, I'm about 80% sure that a lot of these scam apps are being approved by corrupted Apple review staff.

So many of them are blatantly scams that it's not credibly "human error".


Any idea where they’re based? Are they global? They do my reviews at weird times.


It's just security theatre. Apple could pay enough to get competent people to grind out a few months of mind-numbing app reviews. I guarantee they don't.


Have you tried following the transaction trail on the blockchain?


Yes, but how does following the tx trail help me in any way? They've moved the BTC a few times since the wallet sent it to them.


App Store is as scammy as Google play store.

Apple vets every app through their review team but it’s a shit show of inconsistency.

Apple’s walled garden doesn’t do much other than rent seeking.

I got scammed on an ethereum site back in the day. Wasn’t a big loss but it was the straw that broke the camel’s back.

If it was my credit card, I would have been refunded. Coinbase did fuck all, couldn’t even reach a real human.

I sold all my crypto a few months later.

Crypto and stock market move in tandem. Crypto has much higher trading fees. Fidelity gives me zero fees.

From a value investing perspective, crypto was a bad and unsafe investment.

I agree that folks who got in 10 years early made a fortune, but the last few years have had lackluster growth.


1) You see recently visited apps on top of search results. Same applies for Google/Yandex (unless you turned off specific personalization settings). It is a feature to save your time from scrolling.

2) The post on Reddit is FUD from competitors (newly created account included). People who transfer C$150k know exactly what to do when they lose money (no, they don't visit /r/Bitcoin to ask "any chance of fund recovery or all gone?"). Don't promote FUD on HN.


When I installed it, it was the #1 organic search result. Other commenters report seeing the same app as #2 organic search result.

Just because an account is newly created does not make their first post FUD. Their story is precisely what happened to me, although for a slightly smaller amount of money.


Sad to say, but it seems people are pretty dumb. Robinhood yields Robinhood for the first non-ad app, same with Bank of America, Chase, Citi, etc. Do people really just click the first thing they see? Wow.

As for the example - can’t replicate, but seems crazy to put a seed phrase into some random app you didn’t get yourself. Even if the app wasn’t a scam.


>do people really just click the first thing they see?

It's just people behaving in a certain way, and that being exploited. If people had a different behavior, the exploit would be different too.


I didn’t put a seed phrase into the app. I created a new wallet in it and transferred the btc to it.


It’s crazy that you can’t leave reviews from within the App Store, nor can you report it to Apple from within the App Store.


You're right, and I've done both. My review doesn't appear in the list of reviews.

What's crazy is that a scam app is the #1 organic search result for 'bitcoin wallet', above blockchain.com and coinbase.


(1) How much more valuable do you think it is to the scam app developer to appear at the top of the search results than for a legitimate wallet developer?

(2) Do you think a legitimate wallet app will engage in the same black-hat SEO tactics a scam app developer will?


> (1) How much more valuable do you think it is to the scam app developer to appear at the top of the search results than for a legitimate wallet developer?

Well, the scammer got CAD $150k out of the reddit guy I linked to and I lost a slightly smaller amount - and we're just two out of who knows how many thousands of app store users that installed this app. I'd say people trust the top 5-10 results quite a lot.

> (2) Do you think a legitimate wallet app will engage in the same black-hat SEO tactics a scam app developer will?

I think all the black-hat SEO in the world should not be able to surpass the obvious value disparity compared to legit apps with hundreds of thousands of installs and hundreds of reviews.


> …nor can you report it to Apple from within the App Store.

You can, since 2021. https://www.theverge.com/2021/10/4/22705405/apple-report-a-p...


I don’t see the option in the section that is referenced, only the privacy policy. ¯\_(ツ)_/¯


Tap “Get”.


You want me to install this app that took this dude's keys? No way lmao.


To be clear, it didn't take my keys. It generated a wallet to which I sent my bitcoin, which was then promptly sent somewhere else.

