Fake Pokémon Go app on Google Play infects phones with screenlocker

"Pokemon Go Ultimate" requires battery removal or Device Manager to be uninstalled.

Read the whole story

 

[castleblanc]

crispyfrenchfries[/url]":tt8qkgmi]

ricm[/url]":tt8qkgmi]If it locks the screen inmediatelly after installation, how did Google miss that in their own tests for Google play approval?

When you push an app for Google Play approval, there isn't any human interaction with that app. It's just generic scanning and then almost instant approval.

So, does Google Play not include some verification that the proclaimed publisher of the app is really the publisher? I mean, someone can't claim to be Electronic Arts but not really be them, right?
Because that would be just stupid if that's not the case.

 

[macd2point0]

castleblanc[/url]":1db5de9q]

crispyfrenchfries[/url]":1db5de9q]

ricm[/url]":1db5de9q]If it locks the screen inmediatelly after installation, how did Google miss that in their own tests for Google play approval?

When you push an app for Google Play approval, there isn't any human interaction with that app. It's just generic scanning and then almost instant approval.

So, does Google Play not include some verification that the proclaimed publisher of the app is really the publisher? I mean, someone can't claim to be Electronic Arts but not really be them, right?
Because that would be just stupid if that's not the case.

Protecting a trademark is the trademark holder's responsibility and no one else's. Do you really expect Google, or even Apple to investigate the IP of every app in their marketplace? A trademark can be licensed, so an automated approach really can't work. Really, Nintendo should have been the first to send Google a cease and desist letter.

 

[Abhi Beckert]

castleblanc[/url]":3mxp1rli]

crispyfrenchfries[/url]":3mxp1rli]

ricm[/url]":3mxp1rli]If it locks the screen inmediatelly after installation, how did Google miss that in their own tests for Google play approval?

When you push an app for Google Play approval, there isn't any human interaction with that app. It's just generic scanning and then almost instant approval.

So, does Google Play not include some verification that the proclaimed publisher of the app is really the publisher? I mean, someone can't claim to be Electronic Arts but not really be them, right?
Because that would be just stupid if that's not the case.

Pokemon is a owned by a company "The Pokemon Company" which is owned by three other companies (Nintendo, Game Freak and Creatures).

According to Wikipedia the "official" Pokemon Go app is published by The Pokemon Company but if I actually look it up in the store, both Google and Apple show it was actually published by Niantic which is a small company that you can't expect any app store review team to have heard of.

Whatever contract Niantic has giving them permission to use the Pokemon trademark is a secret. And anyway you can't trust any evidence Niantic provides, they could just lie. So you have to reach out to the trademark holder... except The Pokemon Company is Japanese with no english version on their website, so how would I figure out how to get in touch with them? I could contact the american company authorised to distribute Pokemon in the USA... but chances are they didn't even know Pokemon Go exists until after it went public, so all they could do is provide me with contact details to the parent company... what a mess!

The developer community expects apps to be launched as quickly as possible - almost instant with Google Play and "usually within 24 hours" for Apple's App Store. It's impossible to do a trademark investigation in that amount of time.

Adding more fun to the mix, trademarks are specific to each country and there are ~250 countries. Are you going to do a separate trademark investigation for each country? I live in Australia, and a trademark search here shows 17 trademarks related to Pokemon, and the "Pokemon Go" listing is still pending so technically the applicant could still be told they're not allowed to have that trademark.

It gets worse than that – a registered business name search in Australia shows three companies with Pokemon in the name. None of them have registered trademarks but since they're not direct competitors to The Pokemon Company they are allowed to use the name, and they are also allowed to upload an app to the store (as long as it doesn't compete with Pokemon in some way). How do you block trademark infringement while still allowing legitimate situations where hundreds of companies happen to use the same name?

Trademarks are far too complicated to be enforced by an app store. Some infringements are blatant and can be blocked or removed quickly, but most require months of work.

Someone infringed on my trademark in Apple's App Store once, and I contacted Apple. All they did was give me contact details for the person in China who infringed, and told me to let them know if I don't get any response (he responded immediately and was nice enough to remove the app from the store along with a sincere apology).

 

[a_v_s]

truthyboy15[/url]":27xa9qhi]

Luddite Curmudgeon[/url]":27xa9qhi]Well, Device Manager would be my out because my phone has no removable battery.

well the powers that be decided its a brilliant idea not to have user accessible batteries. unless of course you want to void your warranty. the other day my S7 got hit with a popup from a disabled amazon app that required an act of god to get past.

Most all phones/tablets that don't have removable batteries, have the embedded power controller setup so that long-pressing the power button for 10 seconds will cause the EC to momentarily disconnect the main power rail, which is functionally equivalent to removing the battery and re-inserting it... It is not possible to bypass the EC behavior in software... The OS is not involved in this behavior, so even if the OS was completely crashed, this will still work.

Note: I worked with some teams that wrote the EC firmware for a few phones.

 

[Chemical Tribe]

I'm sorry but this is lame, and unacceptable. And no, they said they would start trying to look at apps closer this time.

 

[snowshovel]

RT81[/url]":3m9o8vg3]

Hat Monster[/url]":3m9o8vg3]

RT81[/url]":3m9o8vg3]How does an app using a trademarked name even appear on Google Play in the first place?

US trademark law. If you don't attempt to verify them, you have no liability.

In short: Congress said so.

Does Apple do that type of verification as part of their vetting process?

Based on a quick search on the Apple Store, I don't think Apple cares too much either.
Unless a developer named Amanda Tony secured the rights for "Catch em Go for Pokemon".
or Abela Haile secured the rights for "Pokemon Edition Shuffle Game"...which oddly gets a higher showing on the App Store than "Pokemon Shuffle Mobile" which IS an official Pokemon Company game.

 

[deanrozz]

"Stick to the Google Play Store" they said.

"You'll be safe" they said.

 

[Chemical Tribe]

deanrozz[/url]":tofxb98s]"Stick to the Google Play Store" they said.

"You'll be safe" they said.

You can troll all you want at appleinsider where you came from deanrozz.

 

[raptormissle]

SpinelessWonder[/url]":2jl2ndb8]It seems like every other day there is yet another example of how the Google ecosystem is horribly implemented and maintained. Google needs to do a better job protecting their users.

Android currently reminds me of Windows XP pre-SP2. You'd think Google would have learned from others mistakes, but they haven't.

Windows viruses, malware and ransomware and their variants probably outnumber the number of apps in the Play store alone. The Windows ecosystem is the very definition of a cesspool. The Windows OS is behind 99.9% of all of the computer horror stories, extortion and DDOS attacks you read about. Android doesn't even compare to the damage Windows has inflicted.

 

[jopaki]

love this news. don't go down without a fight!

 

[Chemical Tribe]

SpinelessWonder[/url]":1hx9y5t2]It seems like every other day there is yet another example of how the Google ecosystem is horribly implemented and maintained. Google needs to do a better job protecting their users.

Android currently reminds me of Windows XP pre-SP2. You'd think Google would have learned from others mistakes, but they haven't.

XP pre service pack 2 could be owned within 10 minutes of being on the internet. I don't think Android has ever suffered that fate, ever.

Until Windows8 came along MS didn't implement any sort of Android or ios like security. And technically someone installing a UWP from the internet could do the same thing on Win10.

 

[Theinsanegamer]

""Pokemon Go Ultimate" requires battery removal or Device Manager to be uninstalled."

Too bad the entire industry has all but abandoned the removable battery idea.

 

[Luddite Curmudgeon]

a_v_s[/url]":3cnc3fvp]

truthyboy15[/url]":3cnc3fvp]

Luddite Curmudgeon[/url]":3cnc3fvp]Well, Device Manager would be my out because my phone has no removable battery.

well the powers that be decided its a brilliant idea not to have user accessible batteries. unless of course you want to void your warranty. the other day my S7 got hit with a popup from a disabled amazon app that required an act of god to get past.

Most all phones/tablets that don't have removable batteries, have the embedded power controller setup so that long-pressing the power button for 10 seconds will cause the EC to momentarily disconnect the main power rail, which is functionally equivalent to removing the battery and re-inserting it... It is not possible to bypass the EC behavior in software... The OS is not involved in this behavior, so even if the OS was completely crashed, this will still work.

Note: I worked with some teams that wrote the EC firmware for a few phones.

That's good to know. Until somebody figures out a way to keep the malware going while the momentarily disconnect is ongoing. Like my screen name alludes to, I like the old way. Remove battery, count to 10, reinsert.

 

[DameonK]

Wow, all these Android hacks and viruses make me glad I use an iPhone!






I'll be back on Monday to see how many downvotes I got.
Have a good weekend!

 

[Chemical Tribe]

Luddite Curmudgeon[/url]":75bfxs9v]

a_v_s[/url]":75bfxs9v]

truthyboy15[/url]":75bfxs9v]

Luddite Curmudgeon[/url]":75bfxs9v]Well, Device Manager would be my out because my phone has no removable battery.

well the powers that be decided its a brilliant idea not to have user accessible batteries. unless of course you want to void your warranty. the other day my S7 got hit with a popup from a disabled amazon app that required an act of god to get past.

Most all phones/tablets that don't have removable batteries, have the embedded power controller setup so that long-pressing the power button for 10 seconds will cause the EC to momentarily disconnect the main power rail, which is functionally equivalent to removing the battery and re-inserting it... It is not possible to bypass the EC behavior in software... The OS is not involved in this behavior, so even if the OS was completely crashed, this will still work.

Note: I worked with some teams that wrote the EC firmware for a few phones.

That's good to know. Until somebody figures out a way to keep the malware going while the momentarily disconnect is ongoing. Like my screen name alludes to, I like the old way. Remove battery, count to 10, reinsert.

My old HTC sensation had a removable battery, but it was a pita to remove it, even if it was made to, since that meant taking the case off, then opening the back. I think though even if the batt is removable the power button trick works anyhow.

 

[Chemical Tribe]

Theinsanegamer[/url]":2jb4oqlo]""Pokemon Go Ultimate" requires battery removal or Device Manager to be uninstalled."

Too bad the entire industry has all but abandoned the removable battery idea.

LG still has it on their high end stuff.

 

[Luddite Curmudgeon]

sprockkets[/url]":1d6qxkxc]

My old HTC sensation had a removable battery, but it was a pita to remove it, even if it was made to, since that meant taking the case off, then opening the back. I think though even if the batt is removable the power button trick works anyhow.

My last phone was the HTC 3D. A year ago, the battery started to go bad; would run down in half a day. Charged fine, but it used battery even on sleep. I bought a replacement battery on eBay and once I swapped them out, battery life went back to normal.

This is where the planned obsolescence gets me. A bad battery shouldn't be a reason to buy another $600 phone. :/

 

[infected]

It's a lot more phaffing about than should be necessary, but anyone with a steady hand and an amazon account can replace the battery in pretty much any phone.

 

[Chemical Tribe]

Luddite Curmudgeon[/url]":4b4yx2dc]

sprockkets[/url]":4b4yx2dc]

My old HTC sensation had a removable battery, but it was a pita to remove it, even if it was made to, since that meant taking the case off, then opening the back. I think though even if the batt is removable the power button trick works anyhow.

My last phone was the HTC 3D. A year ago, the battery started to go bad; would run down in half a day. Charged fine, but it used battery even on sleep. I bought a replacement battery on eBay and once I swapped them out, battery life went back to normal.

This is where the planned obsolescence gets me. A bad battery shouldn't be a reason to buy another $600 phone. :/

I agree. I had to replace a Sony Z1c battery a few weeks ago. Surprisingly it wasn't that bad. Just had to heat up the back, then wedge it off, then the batter simply unhooks.

Nexus 5 wasn't bad either.

Still not as convenient though as the LG G5 and some other phones.

 

[jnuneznj]

RT81[/url]":20pbrs3c]

Hat Monster[/url]":20pbrs3c]

RT81[/url]":20pbrs3c]How does an app using a trademarked name even appear on Google Play in the first place?

US trademark law. If you don't attempt to verify them, you have no liability.

In short: Congress said so.

Does Apple do that type of verification as part of their vetting process?

No trademark verification but it's up to the trademark holder to follow up and request a takedown.

 

[jnuneznj]

sprockkets[/url]":2ni6nc89]XP pre service pack 2 could be owned within 10 minutes of being on the internet. I don't think Android has ever suffered that fate, ever.

Android with NFC was penetrated (root level) just by sitting next to the demonstrator at a Hacking Conference 2 years ago. Before that it was bluetooth. Android security is on the same level as all the other Active Operating Systems. The fact that you throw out XP is sad.

 

[jnuneznj]

agt499[/url]":2o39glef]

Hat Monster[/url]":2o39glef]

RT81[/url]":2o39glef]How does an app using a trademarked name even appear on Google Play in the first place?

US trademark law. If you don't attempt to verify them, you have no liability.

In short: Congress said so.

Interesting - so this would actively discourage them from checking - in a similar vein that not doing a patent search might provide a defense that an invention is obvious?

Discourage?!?! What company in their right mind would want to undertake trademark validation with out getting paid? And the $99 Apple fee or the $25 Google Play fee won't cover it.

 

[Chemical Tribe]

jnuneznj[/url]":2fhumnq2]

sprockkets[/url]":2fhumnq2]XP pre service pack 2 could be owned within 10 minutes of being on the internet. I don't think Android has ever suffered that fate, ever.

Android with NFC was penetrated (root level) just by sitting next to the demonstrator at a Hacking Conference 2 years ago. Before that it was bluetooth.

And that requires physical access to the device to work on, so what? XP could be hacked with no effort from the user whatsoever from anyone remotely.

Android security is on the same level as all the other Active Operating Systems. The fact that you throw out XP is sad.

First of all, I'm not the one who brought up XP.

Second of all, root on android devices is relatively useless as root cannot do much anymore with the system partition blocked off from even root access. That still is better than any desktop computer.

 

[jnuneznj]

Hat Monster[/url]":2krw5raj]The key take-away from this is that geoblocking fucks consumers.

Its a necessary evil. They can hardly deal with the traffic from the US release. Just imagine when Japan gets it!

 

[truthyboy15]

a_v_s[/url]":203wc0ig]

truthyboy15[/url]":203wc0ig]

Luddite Curmudgeon[/url]":203wc0ig]Well, Device Manager would be my out because my phone has no removable battery.

well the powers that be decided its a brilliant idea not to have user accessible batteries. unless of course you want to void your warranty. the other day my S7 got hit with a popup from a disabled amazon app that required an act of god to get past.

Most all phones/tablets that don't have removable batteries, have the embedded power controller setup so that long-pressing the power button for 10 seconds will cause the EC to momentarily disconnect the main power rail, which is functionally equivalent to removing the battery and re-inserting it... It is not possible to bypass the EC behavior in software... The OS is not involved in this behavior, so even if the OS was completely crashed, this will still work.

Note: I worked with some teams that wrote the EC firmware for a few phones.

I had to google a solution since holding down power didn't work. ended up having to hold power button and the volume down keys. http://www.androidexplained.com/galaxy- ... e-restart/

 

[Tr1umph]

iPirateEverything[/url]":3ncj1gvb]Computer security is hard, especially when a moron is born every minute or two...

Yeah, well those 'morons' tend to pay people like myself for correcting their mistakes so I don't judge people who have less know-how than myself.

 

[drachasor]

Zemzil[/url]":32iiwwhh]

iPirateEverything[/url]":32iiwwhh]Computer security is hard, especially when a moron is born every minute or two...

It's easy to accuse the moronoobery of victims who trust the Google Store, but the fact is that Android epidemiology, security, piracy and cybercriminality is out of control.

Even with a level of dangerosity and impact that not any Windows ever knew, nerds and geeks still not consider it as serious because terminal-to-terminal and storage/cloud infection is still not possible (or detected) as common desktop virus, so they do not feel concerned.

Isn't the bigger issue that with our current world-wide birth rate of around 4/second, a moron being born once every minute or two means they make up just 0.2% to 0.4% of the population?

 

[gulthaw]

Hat Monster[/url]":2yzymrbu]

greatn[/url]":2yzymrbu]I'd like to point out that Ars Technica itself linked to a third party APK download site in their initial reports about the app, before it was available in the US. I found that very irresponsible.

A user has to deliberately disable her device's built in block of said installations (and Ars provided a handy guide on how to do so) to make this possible.

At that point, she's asked for what she gets.

But, but... I'm a he!!

Anyway, I'd like to thank Ars Technica for providing those instructions. I'm now level 14 and enjoying it like nothing I've ever expected, my dog also thanks you... she's walking now more than ever.

Special thanks for being what a technological site should be, warning us from the possible problems but giving us the instructions nonetheless.

edithrasing

 

[Nostromo21]

iPirateEverything[/url]":20awht18]Computer security is hard, especially when a moron is born every minute or two...

Correct. If it was simple or easy it would be called rocket science. But it's not. It's complex & hard, so we call it computer science.

 

[Nostromo21]

crispyfrenchfries[/url]":2xiyctbk]

ricm[/url]":2xiyctbk]If it locks the screen inmediatelly after installation, how did Google miss that in their own tests for Google play approval?

When you push an app for Google Play approval, there isn't any human interaction with that app. It's just generic scanning and then almost instant approval.

What could possibly go wrong...? 8-/

 

[fivemack]

macd2point0[/url]":3alex68z]

castleblanc[/url]":3alex68z]

crispyfrenchfries[/url]":3alex68z]

ricm[/url]":3alex68z]If it locks the screen inmediatelly after installation, how did Google miss that in their own tests for Google play approval?

When you push an app for Google Play approval, there isn't any human interaction with that app. It's just generic scanning and then almost instant approval.

So, does Google Play not include some verification that the proclaimed publisher of the app is really the publisher? I mean, someone can't claim to be Electronic Arts but not really be them, right?
Because that would be just stupid if that's not the case.

Protecting a trademark is the trademark holder's responsibility and no one else's. Do you really expect Google, or even Apple to investigate the IP of every app in their marketplace? A trademark can be licensed, so an automated approach really can't work. Really, Nintendo should have been the first to send Google a cease and desist letter.

But Google could make the job easier - for example, sending an email to the registered trademark holder giving them 24 hours to approve, and denying automatically if they don't get that approval. There is an imbalance and a neglect of the public interest in a mechanism where 'developers can upload instantly' is a priority over 'trademarks aren't infringed' and 'customers don't get malware'

 

[necrosis]

Abhi Beckert[/url]"7uhjjr3]

castleblanc[/url]"7uhjjr3]

crispyfrenchfries[/url]"7uhjjr3]

ricm[/url]"7uhjjr3]If it locks the screen inmediatelly after installation, how did Google miss that in their own tests for Google play approval?

When you push an app for Google Play approval, there isn't any human interaction with that app. It's just generic scanning and then almost instant approval.

So, does Google Play not include some verification that the proclaimed publisher of the app is really the publisher? I mean, someone can't claim to be Electronic Arts but not really be them, right?
Because that would be just stupid if that's not the case.

Pokemon is a owned by a company "The Pokemon Company" which is owned by three other companies (Nintendo, Game Freak and Creatures).

According to Wikipedia the "official" Pokemon Go app is published by The Pokemon Company but if I actually look it up in the store, both Google and Apple show it was actually published by Niantic which is a small company that you can't expect any app store review team to have heard of.

Whatever contract Niantic has giving them permission to use the Pokemon trademark is a secret. And anyway you can't trust any evidence Niantic provides, they could just lie. So you have to reach out to the trademark holder... except The Pokemon Company is Japanese with no english version on their website, so how would I figure out how to get in touch with them? I could contact the american company authorised to distribute Pokemon in the USA... but chances are they didn't even know Pokemon Go exists until after it went public, so all they could do is provide me with contact details to the parent company... what a mess!

The developer community expects apps to be launched as quickly as possible - almost instant with Google Play and "usually within 24 hours" for Apple's App Store. It's impossible to do a trademark investigation in that amount of time.

Adding more fun to the mix, trademarks are specific to each country and there are ~250 countries. Are you going to do a separate trademark investigation for each country? I live in Australia, and a trademark search here shows 17 trademarks related to Pokemon, and the "Pokemon Go" listing is still pending so technically the applicant could still be told they're not allowed to have that trademark.

It gets worse than that – a registered business name search in Australia shows three companies with Pokemon in the name. None of them have registered trademarks but since they're not direct competitors to The Pokemon Company they are allowed to use the name, and they are also allowed to upload an app to the store (as long as it doesn't compete with Pokemon in some way). How do you block trademark infringement while still allowing legitimate situations where hundreds of companies happen to use the same name?

Trademarks are far too complicated to be enforced by an app store. Some infringements are blatant and can be blocked or removed quickly, but most require months of work.

Someone infringed on my trademark in Apple's App Store once, and I contacted Apple. All they did was give me contact details for the person in China who infringed, and told me to let them know if I don't get any response (he responded immediately and was nice enough to remove the app from the store along with a sincere apology).

Considering Niantic was once owned by Google...

 

[crawfish]

SpinelessWonder[/url]":k5es7n4y]It seems like every other day there is yet another example of how the Google ecosystem is horribly implemented and maintained. Google needs to do a better job protecting their users.

Android currently reminds me of Windows XP pre-SP2. You'd think Google would have learned from others mistakes, but they haven't.

Just go ahead and say it. This wouldn't happen on the App Store.

 

[kerikoli]

I searched for this keyword on ars : AceDeceiver, but I found no results. I certainly did it wrong. Can somebody point me to the news ars made on this Trojan ? This news should have appeared around march 2016.
Thanks

 

[the_frakker]

If an app was not malicious, but simply made ad-clicks to a service in the background a couple times a day to generate revenue, would that be acceptable?

 

[Ragashingo]

the_frakker[/url]":1ahqrcjy]If an app was not malicious, but simply made ad-clicks to a service in the background a couple times a day to generate revenue, would that be acceptable?

That's click fraud, so no.

 

[Ragashingo]

fivemack[/url]":ykppuv1f]

macd2point0[/url]":ykppuv1f]

castleblanc[/url]":ykppuv1f]

crispyfrenchfries[/url]":ykppuv1f]

ricm[/url]":ykppuv1f]If it locks the screen inmediatelly after installation, how did Google miss that in their own tests for Google play approval?

When you push an app for Google Play approval, there isn't any human interaction with that app. It's just generic scanning and then almost instant approval.

So, does Google Play not include some verification that the proclaimed publisher of the app is really the publisher? I mean, someone can't claim to be Electronic Arts but not really be them, right?
Because that would be just stupid if that's not the case.

Protecting a trademark is the trademark holder's responsibility and no one else's. Do you really expect Google, or even Apple to investigate the IP of every app in their marketplace? A trademark can be licensed, so an automated approach really can't work. Really, Nintendo should have been the first to send Google a cease and desist letter.

But Google could make the job easier - for example, sending an email to the registered trademark holder giving them 24 hours to approve, and denying automatically if they don't get that approval. There is an imbalance and a neglect of the public interest in a mechanism where 'developers can upload instantly' is a priority over 'trademarks aren't infringed' and 'customers don't get malware'

Good luck ever getting anything with "saga" or "scrolls" or "sky" or whatever up on the Play store ever again. It had enough to get around dumb trademark claims without Google blanket blocking anything that has a similar name to something else...

 

[Mitlov]

crawfish[/url]":2jfxjkxe]

SpinelessWonder[/url]":2jfxjkxe]It seems like every other day there is yet another example of how the Google ecosystem is horribly implemented and maintained. Google needs to do a better job protecting their users.

Android currently reminds me of Windows XP pre-SP2. You'd think Google would have learned from others mistakes, but they haven't.

Just go ahead and say it. This wouldn't happen on the App Store.

Malicious apps getting into even a curated store happens to everyone sooner or later...

http://meincmagazine.com/security/2015/09 ... app-store/

 

[deanrozz]

Mitlov[/url]":2atm3uay]

crawfish[/url]":2atm3uay]

SpinelessWonder[/url]":2atm3uay]It seems like every other day there is yet another example of how the Google ecosystem is horribly implemented and maintained. Google needs to do a better job protecting their users.

Android currently reminds me of Windows XP pre-SP2. You'd think Google would have learned from others mistakes, but they haven't.

Just go ahead and say it. This wouldn't happen on the App Store.

Malicious apps getting into even a curated store happens to everyone sooner or later...

http://meincmagazine.com/security/2015/09 ... app-store/

Ah, yes. The tried and true method of deflection. When faced with a problem on your platform, talk about issues with other platforms instead.

Are you going to claim that the number of malicious Apps that get into The App Store are equal?

 

[Mitlov]

deanrozz[/url]"2onfchp]

Mitlov[/url]"2onfchp]

crawfish[/url]"2onfchp]

SpinelessWonder[/url]"2onfchp]It seems like every other day there is yet another example of how the Google ecosystem is horribly implemented and maintained. Google needs to do a better job protecting their users.

Android currently reminds me of Windows XP pre-SP2. You'd think Google would have learned from others mistakes, but they haven't.

Just go ahead and say it. This wouldn't happen on the App Store.

Malicious apps getting into even a curated store happens to everyone sooner or later...

http://meincmagazine.com/security/2015/09 ... app-store/

Ah, yes. The tried and true method of deflection. When faced with a problem on your platform, talk about issues with other platforms instead.

Are you going to claim that the number of malicious Apps that get into The App Store are equal?

When someone says "this would not have happened in [other app store]," saying "look what happened in this other app store" is not deflection, it's a direct response to the assertion.