Earlier this week, my colleague Simon Phipps discovered several fraudulent apps on the Apple App Store. He was able to reach one of the developers, who claimed his Apple developer credentials had been stolen, and someone else put up the fake version of Quickoffice using those credentials.

If those credentials were stolen, they didn’t need to be — Apple has a strong second-factor authentication system in place to prevent account hijacking. But it was rolled out only in the last year, so many developers may not have implemented it, relying instead on the still-available, basic security system that isn’t as secure.

To read this article in full or to leave a comment, please click here