Malware

Apple and Google host fake xAI Grok chat-bot apps in their App Stores

Posted on by

On Saturday, November 4, xAI (an artificial intelligence startup founded by Elon Musk) announced “Grok,” a ChatGPT competitor.

We’ve seen lots of scam apps in the App Store this year, so I was curious whether the App Store hosts any fake xAI apps.

Not surprisingly, multiple “chat bot” apps appear in search results for xAI. Two app titles even include “xAI” stylized exactly the same way as the real company:

  • xAI – Chatgbt Open Chat-Bot AI [for iPhone]
  • X AI – xAI Chatbot Assistant [for iPad]
  • E-GPT : xAi Chat Assistant [for iPhone]
  • X-Ai [for iPad]

One of these apps, “X AI – xAI Chatbot Assistant,” also includes a stylized logo reminiscent of the Twitter bird and the letter X. The same logo circulated on the X social network shortly after Twitter’s rebrand was announced.

These chat bot apps in Apple’s App Store are all unaffiliated with the company xAI.

Apps designed for iPhone or iPad can typically run on Macs with Apple silicon processors (i.e. M1, M2, or M3). Both iPad and iPhone apps may appear in search results in the Mac App Store.

What about Android’s Google Play Store?

Apple’s App Store isn’t the only app marketplace that’s guilty of hosting sketchy, trademark-violating apps. The Google Play Store hosts multiple fake xAI apps as well. In fact, one is an Android version of the same “X AI – xAI Chatbot Assistant” app by “Megatron Solutions” that appears in the App Store. Like the iPad version, the Android version also uses a recognizable but unofficial Twitter-X merged logo.

Is xAI the only mimicked app on the App Store?

Of course, both the Apple App Store and Google Play Store host plenty of apps that mimic ChatGPT as well, some of which use similar logos to the official app.

Though there are very few that use the exact name “ChatGPT” somewhere in the title (likely because OpenAI’s lawyers are diligent), many app screenshots use the brand name and imply endorsement.

The problem isn’t limited to AI or chat apps, either. Since July, we’ve seen a fake Threads social media app, a fake cryptocurrency wallet, and more. As of today, Apple has removed more than 150 fraudulent loan apps from the App Store since an independent researcher began hunting for and reporting such apps.

Apple clearly needs to improve its app vetting process. Apparently, so does Google.

Does Windows’ Microsoft Apps store have this problem?

Incidentally, I did not find any xAI lookalike apps in the Microsoft Apps store for Windows.

Not only that, but there are also zero search results for both ChatGPT and OpenAI. This seems to imply that Microsoft has cracked down much harder on lookalike AI chat apps than Apple and Google have.

Downloading fake apps could lead to financial loss, fund criminals

Why does it matter if you download an app that pretends to be made by a known company, but isn’t legitimate?

For one thing, note that these apps typically have in-app purchases or subscriptions. If you pay for them, that means you’ll be directly funding companies or individuals who are unethically violating another company’s trademarks. Moreover, these apps often overcharge and underdeliver; you likely won’t get your money’s worth compared to paying for a genuine app.

Even if you don’t pay for such apps, do you really want to share your data (e.g. your chat bot prompts,  and potentially also your location, photos, contacts, camera, microphone, or other access the app may request) with an unscrupulous developer? If they refuse to abide by basic trademark or copyright laws, it’s probably unwise to trust them with anything else; I strongly recommend avoiding installing such apps in the first place.

Key takeaway: Be cautious about all apps, even App Store apps

What can we learn from all this?

Although Apple’s App Store remains one of the safest places to obtain apps, it’s not devoid of sketchy, scammy, or potentially harmful apps.

Not all app developers have the same ethics as you. Some apps may be a serious violation to your privacy. Others may charge ridiculous prices for auto-renewing app subscriptions, in hopes that you won’t notice how much money they’re taking from you. Just because an app is in the App Store doesn’t necessarily mean it’s safe.

Remember your ABCs: Always Be Cautious.

UPDATE: As of November 10, Apple appears to have removed several fake xAI apps from the App Store. Google, however, has not suspended any of the misleading apps from the Google Play Store.

How can I learn more?

Check out our articles from earlier this year about other sketchy App Store apps:

After backlash, Apple removes fake Threads app, unethical loan apps from App Store

Apple’s iOS App Store continues to host scammy, unethical apps

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which is often featured by major news outlets worldwide. Look for more of Josh's articles at security.thejoshmeister.com and follow him on X/Twitter, LinkedIn, and Mastodon. View all posts by Joshua Long →