This Fake Alexa App Made It To Apple's Top 10
It would appear that a malicious app by the name of "Setup for Amazon Alexa" climbed the Apple app store charts all the way to the top 10 before its removal. This app's true intent is not yet known, but it most certainly was not made by any sort of official Amazon entity. This app reached at least number 6 on the app store charts for Utilities, and within the top 60 for "top free" apps in general. Now it's been removed.
While the app is no longer up or available in the official iOS app store, a few questions remain. How did an app with keywords such as these find its way into the app store in the first place? The same developer has two other less-than-respectable apps on the app store as well – one called Any Font for Instagram, the other called "Marketplace – Buy/Sell" – the latter with a design VERY much like that of Facebook.
The Amazon Alexa setup app created by this developer, "One World Software," asked the user for their IP Address, Serial Number, and name. The "Name your device" section in this app wasn't likely used for a whole lot, but the other two could've been dangerous. Knowing the serial number and IP address on any device connected to the web could eventually, potentially lead to 3rd-party malicious interference.
At this moment I need to point you toward the feature I wrote earlier in the year 2018. This feature goes by the name Why your phone tracking your GPS location is a problem. In it, I give a scenario outline – a PRIME example of why you should be concerned with where your data's headed and where it's made available to the web, and on the web.
According to Alex Allegro this afternoon, the app was still available as of 6:17AM (this morning) – but it's gone now. So no worries! Unless you've got relatives that got a new Alexa device for Christmas. Then there may be troubles.