How Fake Retail Apps Are Targeting iPhones This Holiday Season

November 7, 2016, 3:25 PM UTC
Photograph by Sean Gallup—Getty Images

Before you input your credit card information into an iPhone app this holiday season, be sure it’s the real thing.

Hundreds of counterfeit retail apps have been discovered in Apple’s App Store, mobile analytics company Branding Brand told The New York Times on Sunday. The apps, which were able to skate by Apple’s rigorous evaluation process, have pretended to be official apps for popular retail stores Dollar Tree and Nordstrom, among several others. Luxury fashion designers, including Christian Dior and Salvatore Ferragamo, were also spoofed, according to the Times.

The timing couldn’t be worse for Apple or consumers. With Thanksgiving Day just days away, the holiday shopping season is fast approaching. Some retailers have already announced details ahead of the critically important Black Friday and Cyber Monday, and are trying to woo shoppers before they spend it all on deals available elsewhere.

Get Data Sheet, Fortune’s technology newsletter

The fake apps are apparently an attempt by malicious developers—many of which are believed to be in China—to take advantage of growing consumer interest in making purchases from the comfort of their smartphones.

At least so far, many of the apps display pop-up ads in a bid to generate their developers some cash on advertising. Others, however, request customers input their credit card information, and some even contain malware that attempt to steal sensitive data on a person’s smartphone.

It’s unclear how the apps made their way through Apple’s defenses. The iPhone maker has been criticized over the years for its App Store approval guidelines. Before apps can make their way into the App Store, Apple testers try them out to ensure they don’t contain malware, are not offensive, and don’t violate any of its many regulations. Even the smallest infraction can cause Apple to send it back to developers.

In response, many developers have criticized Apple (AAPL) for making it too hard to get their apps into its marketplace. They’ve also noted that getting the same app into the Google Play (GOOG) marketplace for apps is much easier.

For more about Apple MacBook Pro, watch:

Apple and its supporters say its policies create a safer application marketplace that can keep iPhone and iPad users safe. They also note that Google’s less-restrictive policies creates the possibility of more malware finding its way to Android devices. In several studies over the years, Android has been shown to face more malware than Apple’s iOS.

Judging by the Times’ report, however, there now appears to be a breakdown of some sort in Apple’s app reviews. And both consumers and retailers are unwittingly falling victim to apps that want to target iPhone owners anywhere in the world.

Apple says it’s removed offending apps and said that its App Store is “safe and secure.” The company added that it will continue to investigate its marketplace in hopes of rooting out other malicious programs.

“We strive to offer customers the best experience possible and we take their security very seriously,” an Apple spokesman told Fortune in a statement. “We’ve set up ways for customers and developers to flag fraudulent or suspicious apps, which we promptly investigate to ensure the App Store is safe and secure. We’ve removed these offending apps and will continue to be vigilant about looking for apps that might put our users at risk.”

Still, not everyone is so sure that Apple can actually get the job done. As its App Store continues to grow and more developers offer up programs, it’s becoming harder for Apple to effectively check each app before it gives it a green light. Plus, developers are becoming far more sophisticated in how they hide their malware. The result? Fake apps are finding their way into the App Store each day, and Apple needs to root them out and remove them before they can do harm.

“It’s a game of Whac-a-Mole,” Branding Brand CEO Chris Mason told the Times.

Update at 11:30 a.m. on Nov. 7 to include Apple’s statement.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward