Image Courtesy: The Verge

Fakespot, renowned for its online browser extensions that attempt to sift out fraudulent product reviews, has abruptly removed its iPhone and iPad apps – because Amazon submitted Apple a takedown request, which both Amazon and Fakespot confirmed, and Apple opted to delete the app.

The mega-retailer was concerned that a recent upgrade to the Fakespot software was “wrapping” its website without authorization, and that this might conceivably be abused to steal Amazon user data. According to Fakespot founder Saoud Khalifah, Apple unexpectedly deleted the app today without explanation. Apple says the software was deleted, but disputes the reasons.

The new Fakespot app was released little over a month ago, and I can confirm that it allows you to log in to Amazon, explore, and buy things while overlapping Fakespot’s overlay on top. I downloaded and tested it a few weeks ago to see if it could help me identify phoney reviews on some new purchases, but I’m still not sure if it worked. However, according to Fakespot’s creator, Amazon began a takedown notice in mid-June.

According to Khalifah, Apple eventually issued a frank three-line email stating how it regretted that the problem couldn’t be addressed peacefully and that Fakespot has now been deleted from the App Store only hours ago. “We simply put months of resources, time, and money into this app,” Khalifah adds.

However, Apple reported, “On June 8, Amazon began a dispute over intellectual property rights, and within hours we guaranteed that both sides were in contact with one another, outlining the issue and measures for the developer to follow to retain their app on the store, and providing them sufficient time to address the issue. We contacted Fakespot again on June 29th, weeks before deleting their programme from the App Store.”

Over the phone, Khalifah emphasised that Apple did indicate on June 29th that it “may be compelled to pull” Fakespot from the App Store, but that Apple never gave any more guidance, and that it was mostly simply a dialogue between Amazon and Fakespot before Apple removed the app. “I’m surprised Apple opted to side with Amazon without any evidence,” Khalifah says. 

Amazon claims that Fakespot violates Apple policy 5.2.2. Amazon also claims that Fakespot injects code into its website, creating an attack vector and putting user data (including email addresses, credit card information, and browser history) at danger, but it claims that it does not know if Fakespot is exploiting this information.

However, while Fakespot concedes that the app injects code to display its own scores, he emphatically rejects any vulnerability and points out that applications with a web browser view are widespread — including coupon apps that Amazon appears to “have no difficulty wrapping around a webview browser.” Last January, Amazon attempted to warn customers about the browser coupon extension Honey, claiming it was a security concern.


Please enter your comment!
Please enter your name here