how do you ensure a bad actor can't create an app that looks like 1password and steal your passwords
If a bad actor creates an app that looks like 1password and they either put it in an App Store or someone side loads it, how can a user be sure they are installing the real app?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:app spoofing
Comments
-
Good question! The only official way to install iOS apps is through the App Store. That is the only place you should be going to install security software such as 1Password. Getting files from alternative stores or side loading apps is not something you should ever be doing with something as critical as 1Password. Your best defence is always going directly to the App Store.
There have been people who have tried to upload copycat apps before, but there are usually telltale signs that it is not the proper thing. The same applies to pretty much any copycat of a popular app. For one, these apps are usually lower down in the App Store listings. If you search 1Password, the one that comes up is ours. We also have been featured by Apple multiple times and have the Editors Choice marking on our app. We have our banner on the top of the App Store listing as well as our demo videos that you can look out for. Copycat apps are also universally listed under a different developer. If it is not provided by us, it's not 1Password. You can also check version numbering, as well as reviews.
0 -
Of course the user has to be sensible enough to download the correct product. That may sound obvious, but I remember at least one occasion when someone asked a question in these forums, and it turned out he had downloaded iPassword. Misidentification by typo is a risk.
0 -
Yep, that is true enough danco. Unfortunately there isn’t much if anything we can do about other apps masquerading as 1Password.
Ben
0 -
Thanks guys - do you view Android as a greater risk in this regard since it is easier to side load apps?
0 -
The same rules apply there. Do not side load 1Password. Only acquire it from the Google Play Store same as only acquire it from the App Store for iOS.
0
