WASHINGTON, DC — Sen. Sherrod Brown (D-OH), chairman of the Senate Committee on Banking, Housing and Urban Affairs, sent letters to Alphabet and Google CEO Sundar Pichai and Apple CEO Tim Cook, requesting information about the security measures of companies for mobile applications. Senator Brown’s letter follows a Federal Bureau of Investigation (FBI) warning about fake cryptocurrency apps that have scammed hundreds of investors with losses of more than $42 million.
“Cyber criminals have stolen company logos, names, and other identifying information from crypto companies, then created fake mobile apps to trick unsuspecting investors into believing they are doing business with a legitimate crypto company. Alarmingly, far too many investors have fallen victim to such scams, with over $42 million in losses.” wrote Brown. “While firms offering crypto investments and other related services should take the necessary steps to prevent fraudulent activity, including warning investors of the rise in scams, it is equally imperative that app stores have the right Safeguards in place to prevent fraudulent mobile application activity.”
Brown has led the fight to protect investors and consumers from cryptocurrency fraud and risk. Today he is chairing a hearing on protecting Americans from the scams and risks of the crypto and securities markets. In March, Brown held a hearing to draw attention to the role digital assets play in cybercrime and illicit financing. And in February, he held a hearing to assess the risks that stablecoins pose to our economy.
A copy of the letter to Alphabet is available here.
A copy of the letter to Apple is available here and below.
Dear Mr. Koch,
In recent years, crypto trading platforms and exchanges have seen a surge in popularity as millions of investors download mobile apps to trade and invest in digital assets. Millions of Americans use mobile apps to invest in unregulated digital assets, including cryptocurrencies. Mobile crypto apps are available to the public through app stores including Apple’s App Store. While crypto apps have offered investors easy and convenient ways to trade cryptocurrency, reports have surfaced of fake crypto apps that have scammed hundreds of investors.
The Federal Bureau of Investigation (FBI) recently issued an alert about the proliferation of fake cryptocurrency mobile apps developed by cybercriminals to defraud investors.1 Cybercriminals stole company logos, names, and other identifying information from crypto companies and then fake cell phones creates apps to trick unsuspecting investors into believing they are doing business with a legit crypto company. Alarmingly, far too many investors have fallen victim to such scams with losses of over $42 million. In one case, according to the FBI, cybercriminals defrauded at least two dozen investors by creating a mobile app that used the name and logo of a real trading platform. Investors downloaded the app and deposited cryptocurrency into wallets. Ultimately, the app was fake and victims of the scam were unable to withdraw funds from their accounts.
While companies offering crypto investments and other related services should take the necessary steps to prevent fraudulent activity, including warning investors of the rise in scams, it is equally imperative that app stores have the proper safeguards in place, to prevent fraudulent activity of mobile applications.
To better understand what measures your company is taking to prevent fraudulent activity on your app store, please answer the following questions by August 10, 2022:
- Describe the vetting process your company follows before approving crypto apps to run on your app store. In your reply, please provide the following information:
- The factors or criteria used by your organization to determine whether to approve an app, including the steps your organization takes to confirm that the app requesting approval is a trusted and secure app is.
- Describe the steps your app store is taking to prevent cryptocurrency apps operated on your app store from circumventing app store policies by turning into phishing apps. In your response, please detail how frequently your app store monitors apps to protect them from fraudulent activity, and the steps it takes to remove apps identified as fraudulent.
- Describe any systems and processes your company has in place to allow people to report fraudulent apps.
- Describe any actions your app store has taken to alert people to actual or potential fraudulent activity related to cryptocurrency investment apps.
- Since January 2020, has your app store coordinated or shared actions or activities related to the suspension or removal of rogue cryptocurrency apps with other app stores? If yes, please explain.
Thank you for your prompt processing of this request. If you have any questions, please do not hesitate to contact my staff at (202) 224-7391.