Over the past decade, the policies governing the Apple App Store have changed significantly. In the early days, getting any app into the store was incredibly difficult. Apple didn't want anyone they considered a competitor to have software on their platform. They even denied Google Voice for duplicating native features. Today, in addition to Google Voice, there are hundreds of voice and text services on the iPhone that duplicate native features from a myriad of competitors, including Google and Microsoft.
The company's content policing policy was also very different a decade ago. An early app submission, named Ninjawords, was a dictionary - one of the simplest and most innocuous apps possible. However, Apple took offense to the dictionary containing certain words and forced the company to censor the dictionary. Today, Apple allows apps like Tumblr, to display adult content.
These days, the company's less stringent guidelines have led to a platform that occasionally lets through an app with potentially malicious intent. The App Store isn't quite the security threat of Google Play, but it is letting through fake apps, including those that steal personal data and violate copyrights. But there is a big difference between an unofficial Pokemon game and an app that pretends to be a productivity tool.
This week, just such an app made waves on the App Store. An app called "Setup for Amazon Alexa" managed to not only crack Apple's security, but it also cracked the top 10 utility apps in the store. The app gathers IP address, as well as your Alexa device's serial number, though it is not known exactly what can be done with that information. It is possible that this could be enough to monitor transmissions sent from the device to Amazon for processing, turning the device into more of a spy device than most people already consider them.
Needless to say, if you have downloaded the app, you should uninstall it immediately.