Scammers got past Apple’s app review process this holiday season, managing to sneak software that scammed new Alexa users out of information on their home wireless networks and devices.
The app, called “Setup for Amazon Alexa,” managed to hit #60 in the iOS App Store’s Top Free section, and #6 in the Utilities category, according to 9to5Mac. A screenshot shows the app, which has now been taken down from the App Store, received more than 9,000 ratings.
But the app didn’t work—it just asked for the IP address and serial numbers of devices. With that information, the scammers could claim to own the devices and register them to their own Amazon accounts, and know the physical location of the Alexa users. However, tech site BGR tried the app and surmised it was just a ploy to keep users on the app as long as possible to show them ads.
In the future, the best practice for downloading apps associated with a new gadget is to make sure the app’s developer matches with the maker of the gadget. In this case, it was a developer called One World Software, not Amazon.