CHRIS CAMMACK: App store takedown highlights security flaws in world’s most popular forex trading platform

On September 23 Apple quietly removed MT4 and MT5, two of the world’s most popular trading platforms, from its App Store. While the abrupt takedown has gone mostly unnoticed among the public, it has created a furore in the forex trading community and has reignited long-held concerns over fundamental security flaws.

First developed in 2003, MetaTrader 4 (MT4) provided individuals (retail traders in industry jargon) with an institutional-grade forex trading platform. Fast and relatively easy to use, MT4 also allowed traders to build, buy and install trading algorithms, allowing for fully automated trading. Even better, by licensing the platform with forex brokers, MetaQuotes, the developer of MT4, could also supply the platform free of charge.

As retail forex trading has grown over the past 20 years MT4 has solidified its position as the world’s number one trading platform. MetaQuotes released a newer version, imaginatively called MT5, in 2010 and spent a lot of time and energy trying to get brokers and traders to adopt it, with limited success. As the smartphone revolution took off MetaQuotes provided mobile apps for both MT4 and MT5 — also free — allowing people to keep an eye on the forex market and trade on the move.

According to the latest figures, MT4 is still responsible for 75% of trade volume and MT4 and MT5 together are used by 80% of retail traders. With about 10-million traders worldwide, that’s about 8-million people. Most forex brokers will provide support for one or both platforms and their mobile apps. Many retail traders no longer bother with a trading work station and instead rely solely on their mobile phones.

So it came as a shock to many when Apple, suddenly and without comment, removed the two trading platforms from its App Store. Traders with the apps already installed won’t lose them from their devices, but the apps will no longer receive updates and — given Apple’s notorious security restrictions — will stop functioning once the lack of updates deems them a security risk. In fact, there is anecdotal evidence of the apps beginning to fail already.

Speculation abounded as to why the two apps have been removed. Both are still available on the Google Play Store for Android devices, and other trading platforms seem unaffected. Many commentators immediately linked the takedown to Western sanctions on Russia after the invasion of Ukraine. While now based in Cyprus, MetaQuotes was founded by a Russian citizen, and observers wondered aloud whether it had somehow been involved in sanctions busting.

But this version of events was quickly scotched by MetaQuotes, with a representative quoted as saying: “We do not believe Apple’s actions are linked in any way with the Western sanctions on Russia.”

The only reason Apple gave MetaQuotes for the takedown was that the apps do not comply with the App Store review guidelines. But MT4 and MT5 have been on the App Store for 10 years, so what has changed?

Once the noncompliance aspect was raised people quickly turned their attention to a recent Forbes article titled “How One Man Lost $1m to a Crypto ‘Super Scam’ Called Pig Butchering”. Published on September 9 (two weeks before MT4 and MT5 were pulled from the App Store) the article detailed how an altered version of the MT5 trading platform was used to defraud a victim in a complex trading scam.

While the story itself is heartbreaking, two sentences in particular stand out: “Cy [the victim] told Forbes that because he downloaded MetaTrader on the App Store, he presumed it was legitimate”, and “Apple spokesperson Adam Dema told Forbes the company is investigating complaints about MetaTrader and will take additional action to protect App Store users if necessary.”

Apple’s ruthless commitment to the privacy and security of its user base is well documented. Equally well documented is Apple’s ruthless commitment to control over the apps available in its App Store. In one fell swoop the Forbes article has shown that MetaQuotes’ trading apps break both of these inviolable tenets of Apple’s business philosophy.

The Forbes story and Apple’s subsequent takedown have brought to a head a long-standing issue with MT4 and MT5 trading platforms: when MetaQuotes hands out MT4 and MT5 licences to brokers it also hands over control of the trading platforms’ code base. Licensees can alter the trading platform significantly by installing custom plug-ins (as the scammers did in the “Pig Butchering” scam) or engage in price manipulation (as JP Markets was accused of doing by SA’s Financial Sector Conduct Authority in 2021).

It has long been known in the forex trading community that using MT4 with an unregulated broker is like playing Russian roulette with your money. Without any regulatory oversight a broker can easily manipulate price data and spreads, turning winning trades into losing ones. While this is not an issue with well-regulated brokers, many beginner traders are caught out by scams using manipulated versions of the MT4 and MT5 trading platforms.

iPhone traders are now left with a difficult decision. Apple is not known for compromise, so the MT4 and MT5 apps are likely to become non-functional on iOS devices soon. iPhone traders can switch to an Android device, but this could be an expensive waste of time if Google Play decides to follow suit. Or they can switch to desktop-only trading — less of a solution and more of a handicap.

Perhaps the most suitable solution is a change of trading platform. The most commonly used trading platform after MT4 and MT5 is cTrader. In development since 2012, cTrader is different from the MetaTrader platforms in that its code base is maintained by its developers, a company called Spotware. And while there are only a few brokers that offer cTrader, plug-ins like the one used in the Forbes story cannot be installed and price manipulation is impossible. It’s no surprise then that cTrader is still available on the App Store. It’s also worth pointing out that some brokers offer their own trading platforms in the iOS store, though these are usually aimed at beginners and lack much of the automation capabilities found in MT4, MT5 and cTrader.

So are we on the cusp of a major change? Will traders begin a transition en masse away from MetaTrader and its security flaws? Will MetaQuotes attempt to rebuild MT4 and MT5 from the ground up? To do so would appease Apple but would fundamentally alter its business model and potentially alienate the many brokers it counts as customers.

• Cammack is head of content at TradeForexSA.