> the app was removed the day after that post was made
LastPass has been downloaded in excess of 50 million times in the past 10 years. As many as 10,000 users could have installed the app and turned over their credentials to the trojan version in a 24-hour period. If your manual review takes a day to respond, it's already too late at Apple's scale.
> That is exactly why people feel more comfortable using the app store.
Then why does the App Store represent the minority of software sales on platforms like macOS, where users are given free rein to download whatever they want? It seems like users are overwhelmingly uncomfortable sticking to the App Store, if you take their actions and spending into account.
Apathy seems to be the best explainer here. Users don't care about security at all, they are just consuming whatever is put in front of them. That's why social engineering like LastPass works, and it's why you see people ignore systemic backdoor efforts like Client Side Scanning and Push notifications. They might be afraid of getting hacked, but it's plainly clear that none of them care enough to make a change in their lifestyle.
I would have expected Apple to catch that on review. That was an egregious failure and betrayal of trust on their part. I wonder if they took any responsibility for the consequences of their error.
I'd agree if you wrote that most users don't understand security at all, that users aren't really given the tools they need to maintain security, or that exploits are designed to target people's vulnerabilities. You seem to be blaming the victims of motivated (sometimes) advanced actors. Even serious engineers have been phished for NPM publishing access.