How will users of Apple devices in Europe respond to greater autonomy (and responsibility)?

How will users of Apple devices in Europe respond to greater autonomy (and responsibility)?

When the Romans withdrew from Britain, the Britons left behind had lived with under the protection of their occupiers for centuries and were unequipped to defend themselves against raiders from the north (Scotland). Recognising their own vulnerability, the Britons reached out to Saxon mercenaries (Hengist and Horsa) for protection. As a consequence, Britain was occupied once again. This time by the Saxons they had called on for support. So when the responsibility of our own protection is taken out of our hands, what happens when we can no longer rely on the hands that do hold that responsibility1?

LassPass … or did I mean LastPass?

A password manager appeared on Apple’s App Store under the name of LassPass featuring a logo very similar to the LastPass logo – both a white on red representation of masked password entry ending with a caret. Apple gives LassPass’s developer as Parvati Patel, whereas LastPass is by LogMeIn, Inc. LassPass also only had a single review (at the time LastPass took a screenshot from the App Store) compared with LastPass’s 52,300 reviews. This was quickly identified and the app was subsequently removed for for violating Apple’s copycat policy. You might wonder why it’s a big deal then.

Figure 1 LassPass (left) and LastPass (right) logos

The problem for Apple is that this has happened on Apple’s own App Store at a time the company is trying hard to sell the App Store as the only way to be certain that you aren’t downloading malicious software or protect yourself against “objectionable” content like pornography2. The reason they are going at this so hard right now is that, in compliance with the Digital Markets Act in Europe, Apple are having to open up their operating systems to installing apps from third-party marketplaces and allowing the side loading of apps. Whether this hard sale is motivated by a genuine concern over protecting their customers or by feeling threatened by the potential loss of revenue on commissions3, this incident will be a blow to Apple’s promotion of its App Store as the only means of protecting users. How the copycat app got through the verification process is unclear, but it is worth pointing out that Apple did remove the app two days after LastPass reported the allegedly fraudulent app to Apple. The app might have been different enough not raise any flags as a copycat, but aside from the astonishingly similar design and name, LastPass point to spelling errors as indicators of an “app [that] is fraudulent”.

There is another app by the same developer still available on the Apple App Store called PRAJAPATI SAMAJ 42 Gor ABD-GNR which appears to be a social media app, but one that does not collect data according to the app privacy statement. However the developer’s own privacy policy suggests that some data will be collected. The app is described as one that “will allow users to stay connected to their community and thrive along with the individuals”.

Figure 2 PRAJAPATI SAMAJ 42 Gor ABD-GNR privacy statement

The allegation against LassPass is that it is a “fraudulent app impersonating LastPass” rather than an app that will steal your credentials or other data, but the allegations raise concerns about users who may have been misled into trusting their data (including passwords and payment information) to this developer. I’ve reached out to the contact email of the developer to get their side of things and ask their opinions on the wider topic of this article. I will update if they respond.

Have Apple’s customers been wrapped in cotton wool?

Besides undermining confidence in the App Store specifically, there are other lessons in this story. You can read plenty about the incident itself and what it means for Apple and their customers on numerous news outlets. My takeaway from this is the consequence on creating a culture of dependency and reliance on a service that denies such a degree of user autonomy (and responsibility) as Apple does with its users.

It won’t surprise anyone who knows me to learn that I’m a critic of Apple’s closed nature. When I got a Windows 3.1 laptop before moving up to secondary school, I was amazed by the control I had over it. Ignoring the manuals, I learned through trial and error. When Windows 95 came out, my mind was blown that I could upgrade my existing laptop with it. Until then, every OS I ever used was the one that came on the machine (Spectrum Sinclair, Acorn BBC Micro, Commodore 64) and that was all you could get. Imagine my joy when I discovered Linux! But before Linux or Win 95, I had to come face to face with the Macintosh! The schools in my area finally upgraded from the old BBC Micros and I was looking forward to trying the Macs out. This was either the 93 or 95 models (a generation or three before the iMacs). “Why is there only one mouse button?”, “How do I do…?”, “What do you mean I don’t?”. Apparently someone didn’t think it was a good idea to have kids using school computers that didn’t have guard rails against user stupidity. What idiot thought of that!?

Alright, so maybe that idiot had a fair point. As I said, I learned through trial and error. That meant making mistakes that were sometimes not so good. They were educational and I’d have to learn to recover from the mistake – ideally before either of my parents found out (so really soon would be good!). Maybe not the kind of risks you want to expose a brand new collection of computers to when the faculty lack the skill to mitigate those risks themselves. But those guard rails seemed to push new computer users into conforming to a certain orthodox. Had things changed since the 1984 advert or were Macs always like this? Either way, I think it left users unprepared for how to deal with things on their own or respond dynamically to unexpected events. I fear a similar problem with the App Store, especially now that long-time Apple users will have access to a more competitive app market. Perhaps a large portion of Apple users will be made vulnerable to risks through years of reliance on the safety of the App Store, perhaps those Apple users already recognise their vulnerability and that’s why they opt for Apple’s “user friendly”4 environment, or perhaps nearly all users will be empowered to make informed decisions when deciding whether to download a cheaper alternative from another marketplace.

Specific to LassPass, any users who mistakenly downloaded this instead of LastPass will have placed trust in this unknown application program they have installed on their device on the basis of the trust they placed in the App Store to ensure all its apps adhere to Apple’s app review process. That is a sort of outsourcing of trust by users to the App Store; If they trust it, we trust it. Assuming the process works then on the one hand it protects users from mistakenly downloading dangerous software, clones of other developer’s work or “objectionable” content. On the other hand, when it fails like this, users may be unprepared for the risks when they place their trust in the store. I’ve asked the LassPass developer if they can provide the number of downloads their app has, but this is likely to be low based on the low review count. So the consequences of this “failure” is merely hypothetical. However, now that European iPhone users will be getting access to alternative marketplaces – with potentially many offering cheaper alternatives to the App Store – Apple users should be aware they won’t have the same assurances as the App Store from these alternatives. Will they’re new autonomy leave them susceptible to fraudulent or even dangerous apps? Will they invite Hengist and Horsa onto their devices or will they embrace their newfound responsibilities as much as their newfound autonomy and make considered and informed decisions about the applications they download?

  1. To be clear, I’m not saying that the App Store should now be considered unreliable from a security standpoint on the basis of this single incident. However, any users who might have been taken in by this would have been let down by the trust they’ve placed in the App Store taking on the responsibility of protecting them. Besides that, this issue seems to have been caught early so you might argue that the system still worked. I won’t be making an argument on way or the other on that point. My interest here is on the potential pitfalls when we outsource responsibility of our own protection (or when the responsibility is denied to us altogether). ↩︎
  2. If you object to beautiful naked people. It’s really down to Apple to judge what is deemed objectionable on their own App Store. ↩︎
  3. Incidentally, Apple will be charging a “Core Technology Fee” on apps installed from any marketplace that cross a certain threshold. ↩︎
  4. Should something be described as user friendly when it is easy to use even if it also limits what the user can do? I find being denied the ability to do something on my own device as its user unfriendly. ↩︎

Just one last thing. I’ve intended to be critical of Apple’s product, not its customers. If you think I’ve been unfairly critical of either then let me know in the comments.

One thought on “How will users of Apple devices in Europe respond to greater autonomy (and responsibility)?

  • Leave a Reply

    Your email address will not be published. Required fields are marked *


    This site uses Akismet to reduce spam. Learn how your comment data is processed.