Technology
App Store scammers are making thousands of dollars by exploiting TouchID
Shady developers have found a new way to trick users into spending ridiculous sums of money on worthless services.
The scheme, which was discovered by Redditors and reported by the welivesecurity blog, uses TouchID to trick users into in-app purchases, which can be as high as $99.99.
The blog uncovered two such examples, both from purported fitness apps. In both cases, the apps instruct users to hold their finger over their iPhone’s home button in order to “scan” their fingerprint for health data. While the “scan” is happening, though, the app triggers an in-app purchase, which is then authenticated via TouchID and completed before the user even realizes what is happening.
Welivesecurity blog uncovered two examples of this tactic, one called “Calories Tracker app” and one called “Fitness Balance.” Both apps have since been removed by from the App Store by Apple, but you can see it in action in the video below. Apple didn’t immediately respond to a request for comment.
Shady though they are, it appears that these developers’ tactics were extraordinarily successful. “Calories Tracker app,” pulled in $60,000 in November while “Fitness Balance” made $10,000, according to data from app analytics firm Sensor Tower.
The incident also raises the questions about Apple’s ability to detect scams in the first place.
Though Apple’s App Store has a reputation for being safer than other app stores, this isn’t the first time shady developers have been allowed to get their apps into the store. Last year, a number of barely-functional apps were removed for tricking users into paying for exorbitantly-priced subscriptions.
One such app, which also took advantage of the App Store’s search ads, was charging $99.99 weekly for a worthless VPN service. The app was pulling in $80,000 a month before it was eventually removed.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window._geo == ‘GB’) {
fbq(‘init’, ‘322220058389212’);
}
if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}
-
Business6 days ago
Langdock raises $3M with General Catalyst to help businesses avoid vendor lock-in with LLMs
-
Entertainment6 days ago
What Robert Durst did: Everything to know ahead of ‘The Jinx: Part 2’
-
Entertainment5 days ago
This nova is on the verge of exploding. You could see it any day now.
-
Business5 days ago
India’s election overshadowed by the rise of online misinformation
-
Business5 days ago
This camera trades pictures for AI poetry
-
Business6 days ago
CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal
-
Business7 days ago
Internet users are getting younger; now the UK is weighing up if AI can help protect them
-
Business4 days ago
TikTok Shop expands its secondhand luxury fashion offering to the UK