Unscrupulous app developers have been creating apps that scam their users out of hundreds of dollars. How exactly did they do it?
How They Did It
Two fitness apps were exposed as scams recently. The apps in question – ‘Fitness Balance app’ and ‘Calories Tracker app’ – both offered the standard functions of a health app – personalised diet tracking, BMI calculation and reminders to stay hydrated, amongst others.
However, these apps had a much more sinister scheme behind them than simply making sure you drink enough water.
The apps prompted users to scan their fingerprints the first time they opened the app in order to ‘view their personalized calorie tracker and diet recommendations’.
While users’ fingerprints were being scanned the apps initiated a payment request for USD 119.99. The request caused a confirmation pop-up to flash on screen for about a second, but by then it was too late.
With their fingerprint already being scanned, iPhone users who had their credit or debit card linked to their Apple account ended up authorising the payment and the money was transferred to the scammers.
As if that was not enough to worry about, at least one of the apps managed to garner a positive rating on the app store – it even got several five-star ratings.
It seems that fake reviews are part of the scammers’ strategy, using them to boost the legitimacy of their shady apps. So not only do you have to be wary of app scams, you need to keep an eye out for fake reviews as well.
Apple has since removed the offending apps after complaints were filed by affected users who can try to get a refund. The apps also obviously broke Apple’s developer guidelines which outlaws apps that:
‘prey on users or attempt to rip-off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app.’
How Can You Stay Safe?
iPhone X users are unaffected by this particular kind of scam because of the ‘double click to pay’ feature requiring users to press a button on the side of the phone to authorise payment.
For other iPhone users and Android users, be wary about giving an app biometric information such as fingerprints or facial recognition too readily.
Additionally, it is worth paying attention to reviews. Negative reviews are more likely to tell you what an app is really like. If an app has no negative reviews, it should set alarm bells ringing.
If you want to be completely sure you never fall prey to this kind of fraud, the best thing to do is disable biometric confirmation for payments and go old-school – use your password to confirm purchases.