For the past several months Tor developers have unsuccessfully been trying to convince Apple to remove from its iOS App Store what they believe to be a fake and potentially malicious Tor Browser application.
The issue came into the public spotlight Wednesday when people involved in the Tor Project, which develops the Tor anonymity software, took to Twitter to make their concerns heard.
Runa A. Sandvik, a staff technologist at the Center for Democracy and Technology who’s also involved in the Tor Project, said on Twitter, “Dear Apple, please take down the fake #Tor Browser Bundle you have in your App Store.”
Sandvik pointed to an entry on the Tor Project’s bug tracker where the third-party app has been discussed by Tor developers since December.
“Tor Browser in the Apple App Store is fake,” the entry’s description reads. “It’s full of adware and spyware. Two users have called to complain. We should have it removed.”
According to subsequent messages on the bug tracker, a complaint was filed with Apple on Dec. 26 and the company reportedly responded on Jan. 3 saying it will give a chance to the app’s developer to defend it.
More than two months later, the Tor Browser app created by a developer named Ronen is available still in the App Store. It was last updated on Nov. 6 and only one of the three customer reviews so far includes a complaint about how ads are being displayed, with the reviewer noting that the app is very good at what it does otherwise.
The discussion continued in the weeks that followed on the Tor Project bug tracker, with developers proposing contacting Apple employees directly and public “naming and shaming” as possible courses of action.
“I mailed Window Snyder and Jon Callas to see if they can get us past the bureaucracy,” Tor Project Leader Roger Dingledine said Wednesday on the bug tracker using his developer handle arma. “Otherwise I guess plan C is to get high-profile people on Twitter to ask Apple why it likes harming people who care about privacy. (I hope plan B works.)”
Apple did not immediately respond to a request for comment.