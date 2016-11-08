The rogue apps, most of which came from developers in China, slipped through Apple’s process for reviewing every app before it is published.

SAN FRANCISCO — Hundreds of fake retail and product apps have popped up in Apple’s App Store in recent weeks — just in time to deceive holiday shoppers.

The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, department stores like Dillard’s and Nordstrom, online bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.

“We’re seeing a barrage of fake apps,” said Chris Mason, CEO of Branding Brand, which helps retailers build and maintain apps. He said his company tracks new shopping apps, and this was the first time it had seen so many counterfeit iPhone apps emerge in a short period of time.

Some of them appeared relatively harmless, essentially junk apps that served up annoying pop-up ads, he said.

But there are serious risks to using a fake app. Entering credit-card information opens a customer to potential financial fraud. Some fake apps have contain malware that can steal personal data or even lock the phone until the user pays a ransom. And some encourage users to log in with their Facebook credentials, potentially exposing sensitive information.

That scrutiny, which Apple markets as an advantage over Google’s less restrictive Android platform, is supposed to stop any software that is deceitful, that improperly uses another company’s intellectual property or that poses harm to consumers.

In practice, however, Apple focuses more on blocking malicious software and does not routinely examine the thousands of apps submitted to the iTunes store every day to see if they are legitimate.

With apps becoming more popular as a way to shop, it is up to brands and developers themselves to watch for fakes and report them, much as they scan for fake websites, said Ben Reubenstein, chief executive of Possible Mobile, a Denver company that makes apps for JetBlue Airways, the PGA Tour and Pokémon, among others.

“It’s important that brands monitor how their name is being used,” he said.

Apple removed hundreds of fake apps last week after The New York Times inquired about the specific vendors that created many of them. Other apps were removed after a New York Post article drew attention to some of the counterfeits.

“We strive to offer customers the best experience possible, and we take their security very seriously,” said an Apple spokesman, Tom Neumayr. “We’ve set up ways for customers and developers to flag fraudulent or suspicious apps, which we promptly investigate to ensure the App Store is safe and secure. We’ve removed these offending apps and will continue to be vigilant about looking for apps that might put our users at risk.”

In September, Apple also embarked on a campaign to review all 2 million apps in the App Store and remove “apps that no longer function as intended, don’t follow current review guidelines or are outdated.” The company says a significant number of apps have been removed and that the review is continuing.

Despite Apple’s efforts, new fake apps appear every day. In some cases, developers change the content of an app after it has been approved by Apple’s monitors. In other instances, the counterfeiters change their names and credentials, and resubmit similar apps after one round of fakes is discovered.

“It’s a game of whack-a-mole,” Mason of Branding Brand said.

Many of the fake retail apps have red flags signaling that they are not real, such as nonsensical menus written in butchered English, no reviews and no history of previous versions. In one fake New Balance app, for example, the tab for phone support did not list a phone number and said, “Our agents are available over the hone Monday-Firday.”

Data from Apptopia show that some of the fake apps have been downloaded thousands of times. Reviews posted on some of the apps indicated that at least some people tried them and became frustrated. “Would give zero stars if possible,” wrote one reviewer of the fake Dollar Tree app. “Constantly gets stuck in menus and closes what you were doing and makes you start over.”

Mason says consumers want to shop online and they search for apps from their favorite stores and brands.

“The retailers who are most exposed are the ones with no app at all,” he said. Dollar Tree and Dillard’s, for example, have no official iPhone apps, which made it easier to lure their customers to the fake apps.

But the counterfeiters have also mimicked companies that do have an official presence in the App Store, hoping to capitalize on consumer confusion.

Foot Locker, for example, has three iPhone apps. But that did not stop an entity calling itself Footlocke Sports Co. from offering 16 shoe and clothing apps in the App Store, including one purporting to be from Foot Locker rival Famous Footwear.

Similarly, Kroger has 20 iPhone apps, reflecting the various retail chains in its empire, such as Fred Meyer and QFC. An entity calling itself The Kroger Inc. had 19 apps, purporting to sell things as diverse as an $80 pair of Asics sneakers and a $688 bottle of Dior perfume.

Some of the fake apps have even used Apple’s new paid search ads to propel them to the top of the results screen when customers search for specific brands. i

Jon Clay, of Trend Micro, an internet security firm, said Apple’s tight iPhone control had historically kept malicious apps out of its App Store. But that is beginning to change. After the Pokémon Go game was released in the U.S., fake iPhone apps related to the game appeared, especially in countries where the game was not yet available.

“The criminals are going to take advantage of whatever is hot,” Clay said.