Authenticator App Reportedly Uses App Store Advertising to Scam s 3a4v6o Collects Secret QR Codes

Some copycat two-factor authenticator apps have annual subscriptions priced at up to $40 (roughly Rs. 3,300). s476t

Written by Siddharth Suvarna | Updated: 22 February 2023 14:33 IST

Authenticator App Reportedly Uses App Store Advertising to Scam s, Collects Secret QR Codes

Photo Credit: Unsplash/ Gilles Lambert 4iu5y

Two-factor authenticator apps can help s add a second layer of security to their s

Highlights

Copycat two-factor authenticator apps have been spotted on the App Store
These apps can charge up to $40 (roughly Rs. 3,300) in annual fees
s can opt for well-known apps from Google, Twilio for 2FA security

ment

Authenticator apps like Authy and Google Authenticator help s add a second layer of security to their , preventing malicious actors from accessing their personal information and data. Last week, Twitter announced that it would soon discontinue access to SMS-based two-factor authentication (2FA) for s who have not subscribed to the company's Twitter Blue service. Developers have now begun to flood the app store with authenticator apps that ask s to pay a subscription fee before they can add any s.

Security company Mysk claims (via 9to5Mac) that there are several similar-looking authenticator apps that have recently been published to the App Store. Unlike Authy and Google Authenticator that allow s to scan QR codes to set up 2FA on their s, these applications first require s to sign up for a free trial that converts into a subscription priced as high as $40 (roughly Rs. 3,300) per year. Gadgets 360 was able to confirm that some of these apps with annual subscriptions are currently available on the App Store.

The timeless art of authenticators!
All these authenticator apps are free and offer in-app purchases. You install them to discover that you can't scan any QR code until you subscribe, $40/year with 3 days free trial. The apps are very similar. 🧐#iOS #AppStore #2FA pic.twitter.com/OIW3XQZIwN
— Mysk 🇨🇦🇩🇪 (@mysk_co) February 19, 2023

In a separate tweet, the company also warns that at least one of these authenticator apps is running an advertising campaign on the App Store, and a screenshot reveals that it is the first app to show up when searching for "authenticator". According to Mysk, this app sends the contents of the scanned QR code to the developer's Google Analytics service. This could result in the leaking of s' 2FA codes to the developer of the application.

A screen recording shared by Mysk shows several similarly designed applications with very similar interfaces and prompts to subscribe to a $40/year annual plan. Developer Kevin Archer claims that these apps are being released with different metadata sets on new s, and seem to have skirted the guidelines enforced by the App Review team, including guideline 5.6.3 (Discovery Fraud), which does not permit manipulating App Store charts, search, reviews, or app referrals.

How to Set Up App-Based Two Factor Authentication on Twitter for Free

You need to be careful when you search for an authenticator app. This app sends the scanned QR codes to the developer's #Google analytics service. You won't miss it. It's running an ad campaign on the #AppStore #Privacy #CyberSecurity #2FA pic.twitter.com/huvAtilUnV
— Mysk 🇨🇦🇩🇪 (@mysk_co) February 19, 2023

According to a screenshot posted by the company, many of the apps were released last week, which is around the same time that announced that it was dropping for SMS-based 2FA for s who are not subscribed to its Twitter Blue service. s who had set up their s to receive SMS codes have until March to turn it off and set up third-party 2FA applications or hardware security keys to securely to their s.

The existence of these apps on the App Store means that s who are looking to 2FA apps on the App Store might end up ing one of these applications, putting their security at risk. Apps like Google Authenticator, Authy, Aegis Authenticator (Android), and Microsoft Authenticator are secure and reliable options from reputable companies that can be used to store 2FA authentication tokens instead.

5G is now available both on Android and iPhone in India. But is it any good? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

links may be automatically generated - see our ethics statement for details.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Security

David Delima

Email David Delima

As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be ed via email at [email protected], on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More