BTW, it seems like the iOS app store isn't exactly bulletproof either. Both Google and Apple should be ashamed for allowing these apps. I do wonder if third party mobile AV's could have helped to spot these malicious apps. https://www.wired.com/story/meta-facebook-login-stealing-android-ios-apps/
The Apple store was never bullet proof. I do wish Apple and Google would pull their fingers out a bit though.
I have to say that I almost never read about malicious apps on the iOS app store. I wonder what this will mean for Apple's court battle with companies that want to offer third party app stores. Apple can say that even they can't keep app stores malware free, but other companies can say that Apple's argument is pretty much BS. Keep in mind, this is quite dangerous malware that's capable of stealing not only passwords but even 2FA codes.
I don't run iOS so it's difficult to say. I more or less trust what I've downloaded to macOS from the store. Although they are programs I'm pretty familiar with anyway.
I think in general, app stores from Google, Microsoft and Apple should be pretty safe, but this is a good reminder to not blindly assume there isn't any malware on these stores. Now that I think of it, would have been cool to know which third party mobile AV's could spot these malicious apps.
It is a problem for Google because most of these apps were found in Google Play. So Apple is doing a better job, but somehow they still failed to spot these 50 password stealing apps. Like I said, I do think it's weird that in these articles you almost never read about which AV could have blocked these apps. But just like on macOS and Windows, it's probably best to download only well known apps on mobile phones.
I have a cheap flip phone as a back up. I have no intention of ever using it online. Now, if only I can find a cheap flip Star Trek communicator facsimile phone ...
