Brown Presses Apple and Google on Protections Against Crypto App Fraud

WASHINGTON, D.C. — Sen. Sherrod Brown (D-OH), Chairman of the Senate Committee on Banking, Housing, and Urban Affairs, sent letters to Sundar Pichai, CEO of Alphabet and Google, and Tim Cook, CEO of Apple, requesting information about the companies’ mobile application safeguards. Senator Brown’s letter comes on the heels of a Federal Bureau of Investigation (FBI) warning against fake cryptocurrency apps that have scammed hundreds of investors for losses of more than $42 million.

“Cyber criminals have stolen company logos, names, and other identifying information of crypto firms and then created fake mobile apps to trick unsuspecting investors into believing they are conducting business with a legitimate crypto firm. Alarmingly, far too many investors have fallen victim to such scams with losses exceeding $42 million,” wrote Brown. “While firms that offer crypto investment and other related services should take the necessary steps to prevent fraudulent activity, including warning investors about the uptick in scams, it is likewise imperative that app stores have the proper safeguards in place to prevent against fraudulent mobile application activity.”

Brown has led the fight to protect investors and consumers from cryptocurrency scams and risks. Today, he is chairing a hearing on protecting Americans against the scams and risks of crypto and securities markets. In March, Brown held a hearing to call attention to the role that digital assets play in cybercrime and illicit finance. And in February, he held a hearing to evaluate the risks that stablecoins present to our economy.

A copy of the letter to Alphabet is available here.

A copy of the letter to Apple is available here and below.

Dear Mr. Cook:

In recent years, crypto trading platforms and exchanges have experienced a surge in popularity with millions of investors downloading mobile apps to trade and invest in digital assets. Millions of Americans use mobile apps to invest in unregulated digital assets, including cryptocurrencies. Crypto mobile apps are available to the public through app stores, including Apple’s App Store. While crypto apps have offered investors easy and convenient ways to trade cryptocurrency, reports have emerged of fake crypto apps that have scammed hundreds of investors. 

The Federal Bureau of Investigation (FBI) recently issued a warning about the proliferation of fake cryptocurrency mobile apps created by cyber criminals to defraud investors.1 Cyber criminals have stolen company logos, names, and other identifying information of crypto firms and then created fake mobile apps to trick unsuspecting investors into believing they are conducting business with a legitimate crypto firm. Alarmingly, far too many investors have fallen victim to such scams with losses exceeding $42 million. According to the FBI, in one case, cyber criminals defrauded at least two dozen investors by creating a mobile app that used the name and logo of a real trading platform. Investors downloaded the app and deposited cryptocurrency in wallets. Ultimately, the app was a fake and the victims of the scam could not withdraw funds from their accounts.

While firms that offer crypto investment and other related services should take the necessary steps to prevent fraudulent activity, including warning investors about the uptick in scams, it is likewise imperative that app stores have the proper safeguards in place to prevent against fraudulent mobile application activity.

To better understand the measures your company is taking to prevent fraudulent activity in your app store, please respond to the following questions by August 10, 2022:

  1. Describe the review process your company takes before approving crypto apps to operate in your app store. In your response, please provide the following information:
    1. The factors or criteria used by your company to determine whether to grant approval to an app, including the steps your company takes to confirm the app seeking approval is a trusted and secure app.
  1. Describe the steps your app store takes to prevent cryptocurrency apps operating in your app store from circumventing app store policies by transforming into phishing apps. In your response, please describe in detail the frequency to which your app store monitors apps to safeguard against fraudulent activity as well as the steps it takes to remove apps determined to be fraudulent.
  1. Describe all the systems and processes your company has in place for people to report fraudulent apps.
  1. Describe all actions your app store has taken to alert people about actual or potential fraudulent activity associated with cryptocurrency investment apps.
  1. Since January 2020, has your app store coordinated or shared any actions or activities with other app stores related to the suspension or removal of fraudulent cryptocurrency apps? If so, please explain.

Thank you for your prompt attention to this request. Should you have any questions, please do not hesitate to contact my staff at (202) 224-7391.

Sincerely,