This is how it is: Malware has crept into the App Store, Apple’s App Store. How the platform’s authentication system could have failed, exposing millions of users to potential harm, is unclear, but the oversight was notable. So much so that only after the official application was reported was the fraudulent one removed.

Specifically: the illegitimate application was published under the name of an independent developer, copying the branding and user interface of the popular password manager LastPass, in an apparent attempt to confuse users. In fact, users themselves were the first to point out the scam through App Store comments; and from there it came to LastPass.

Four questions hang in the air, the first of which is how an app whose first impression has already been praised could pass the App Store’s supposedly strict controls: not only did it try to pass itself off as one of the most famous password managers, but it was created under a person’s name, instead of of the company that developed it, and even its description contained spelling errors.

It is worth emphasizing this point because Apple has always prided itself on the security of its storeusing this as an argument to discuss the European Union’s new Digital Markets Act (DMA), which will force the giants of the technology sector, including Apple, to submit to the antitrust policies they have always resisted.

For example, because of DMA, Apple will be forced to allow sideloading, third-party app stores, and other payment methods within iOS, something it has never accepted, ensuring that such practices compromise customer security and privacy. This is, of course, a half-truth, as the event clearly demonstrated. And total security does not exist, and restricting freedom with this excuse is neither reasonable nor fair.

After unveiling its DMA compliance plan, Apple said that “new payment processing and app download capabilities on iOS open new avenues for malware, fraud and scams, illegal and harmful content, and other threats to privacy and security,” but As just demonstrated, no one is saved more or less shameful stumbles.

The other three questions raised by the event are obvious: how long the app was available, how many users downloaded it, and above all, how harmful it turned out to be. However, there is no answer to everything. Analyst firm Appfigures points out that the app arrived in the App Store on January 21st, climbing the search results for LastPass, but without replacing the official or entering any of the store’s recommended app lists.

It wasn’t until LastPass itself became aware of the problem and put in place measures to address it, which happened between February 7 and 8, that the fraudulent app disappeared from the Apple Store. It is now unknown the number of users who fell into the trap and whether they were subjected to some type of perjury.