Connect with us

Technology

App Store scammers are making thousands of dollars by exploiting TouchID

Published

5 years ago

on

Shady developers are gaming TouchID to trick people into spending money.
Shady developers are gaming TouchID to trick people into spending money.

Image: lili sams/ mashable

2016%2f09%2f16%2f8f%2fhttpsd2mhye01h4nj2n.cloudfront.netmediazgkymde1lza3.c1888By Karissa Bell2018-12-04 01:19:22 UTC

Shady developers have found a new way to trick users into spending ridiculous sums of money on worthless services.

The scheme, which was discovered by Redditors and reported by the welivesecurity blog, uses TouchID to trick users into in-app purchases, which can be as high as $99.99. 

The blog uncovered two such examples, both from purported fitness apps. In both cases, the apps instruct users to hold their finger over their iPhone’s home button in order to “scan” their fingerprint for health data. While the “scan” is happening, though, the app triggers an in-app purchase, which is then authenticated via TouchID and completed before the  user even realizes what is happening.

Welivesecurity blog uncovered two examples of this tactic, one called “Calories Tracker app” and one called “Fitness Balance.” Both apps have since been removed by from the App Store by Apple, but you can see it in action in the video below. Apple didn’t immediately respond to a request for comment.

Shady though they are, it appears that these developers’ tactics were extraordinarily successful. “Calories Tracker app,” pulled in $60,000 in November while “Fitness Balance” made $10,000, according to data from app analytics firm Sensor Tower.

The incident also raises the questions about Apple’s ability to detect scams in the first place.

Though Apple’s App Store has a reputation for being safer than other app stores, this isn’t the first time shady developers have been allowed to get their apps into the store. Last year, a number of barely-functional apps were removed for tricking users into paying for exorbitantly-priced subscriptions. 

One such app, which also took advantage of the App Store’s search ads, was charging $99.99 weekly for a worthless VPN service. The app was pulling in $80,000 a month before it was eventually removed.

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f87100%2f3bdb6fcf 547e 4d07 93ab b9b33ebff4e3

!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window._geo == ‘GB’) {
fbq(‘init’, ‘322220058389212’);
}

if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}

Related Topics:
Continue Reading
Advertisement Find your dream job

Trending