Tor warns of malicious Tor browser offered on the App Store
A public plea made on Twitter by Runa A. Sandvik, a (former?) developer with The Tor Project has turned the spotlight on a still unresolved issue of an apparently fake Tor Browser app equipped with spyware being offered for download on Apple’s App Store.
The open ticketshe linked to on the project’s site show that for whatever reason, Apple is not moving fast enough to remove to address the concerns of Tor officials.
They first complained about the fake and malicious app to Apple on 26 December 2013.
Apple has responded on January 3, 2014 by saying that they are giving a chance to the author of the app to defend his offering. But after that, the company has remained silent, and has not responded to additional emails sent by Tor nor removed the app.
The latest development came on Wednesday, when one of the Tor volunteers stated: “I think naming and shaming is now in order. Apple has been putting users at risk for months now,” and another has asked Window Snyder and Jon Callas – two former Apple employees well-respected in the security community – help to bypass the bureaucracy and receive an answer from the company.
“Otherwise I guess plan C is to get high-profile people on Twitter to ask Apple why it likes harming people who care about privacy,” he added.
Apple is notorious for its secretive vetting process for apps that are submitted to its online store, and for their usual lack of public comment on security matters, but additional attention to this particular problem should, at least, result in the company responding to Tor’s complaint.