Technology
App Store scammers are making thousands of dollars by exploiting TouchID
Shady developers have found a new way to trick users into spending ridiculous sums of money on worthless services.
The scheme, which was discovered by Redditors and reported by the welivesecurity blog, uses TouchID to trick users into in-app purchases, which can be as high as $99.99.
The blog uncovered two such examples, both from purported fitness apps. In both cases, the apps instruct users to hold their finger over their iPhone’s home button in order to “scan” their fingerprint for health data. While the “scan” is happening, though, the app triggers an in-app purchase, which is then authenticated via TouchID and completed before the user even realizes what is happening.
Welivesecurity blog uncovered two examples of this tactic, one called “Calories Tracker app” and one called “Fitness Balance.” Both apps have since been removed by from the App Store by Apple, but you can see it in action in the video below. Apple didn’t immediately respond to a request for comment.
Shady though they are, it appears that these developers’ tactics were extraordinarily successful. “Calories Tracker app,” pulled in $60,000 in November while “Fitness Balance” made $10,000, according to data from app analytics firm Sensor Tower.
The incident also raises the questions about Apple’s ability to detect scams in the first place.
Though Apple’s App Store has a reputation for being safer than other app stores, this isn’t the first time shady developers have been allowed to get their apps into the store. Last year, a number of barely-functional apps were removed for tricking users into paying for exorbitantly-priced subscriptions.
One such app, which also took advantage of the App Store’s search ads, was charging $99.99 weekly for a worthless VPN service. The app was pulling in $80,000 a month before it was eventually removed.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window._geo == ‘GB’) {
fbq(‘init’, ‘322220058389212’);
}
if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}
-
Business7 days ago
London’s first defense tech hackathon brings Ukraine war closer to the city’s startups
-
Entertainment7 days ago
Mark Zuckerberg has found a new sense of style. Why?
-
Business6 days ago
Humanoid robots are learning to fall well
-
Entertainment6 days ago
2024 summer TV preview: 33 TV shows to watch this summer
-
Business5 days ago
Google Gemini: Everything you need to know about the new generative AI platform
-
Entertainment5 days ago
‘Bridgerton’: Everything you need to remember before Season 3
-
Business6 days ago
Indian ride-hailing giant Ola cuts 180 jobs in profitability push
-
Entertainment3 days ago
Hands-on with the Claude AI app: It’s pleasant to use, but janky