Report Reveals In-App Purchase Scams In the App Store (macrumors.com)
In a Medium article titled "How to Make $80,000 Per Month On the Apple App Store," Johnny Lin uncovers a scamming trend in which apps advertising fake services are making thousands of dollars a month from in-app purchases. The practice works by manipulating search ads to promote dubious apps in the App Store and then preys on unsuspecting users via the in-app purchase mechanism. MacRumors reports: "I scrolled down the list in the Productivity category and saw apps from well-known companies like Dropbox, Evernote, and Microsoft," said Lin. "That was to be expected. But what's this? The #10 Top Grossing Productivity app (as of June 7th, 2017) was an app called 'Mobile protection :Clean & Security VPN.' Given the terrible title of this app (inconsistent capitalization, misplaced colon, and grammatically nonsensical 'Clean & Security VPN?'), I was sure this was a bug in the rankings algorithm. So I checked Sensor Tower for an estimate of the app's revenue, which showed ... $80,000 per month?? That couldn't possibly be right. Now I was really curious." To learn how this could be, Lin installed and ran the app, and was soon prompted to start a "free trial" for an "anti-virus scanner" (iOS does not need anti-virus software thanks to Apple's sandboxing rules for individual apps). Tapping on the trial offer then threw up a Touch ID authentication prompt containing the text "You will pay $99.99 for a 7-day subscription starting Jun 9, 2017." Lin was one touch away from paying $400 a month for a non-existent service offered by a scammer. Lin dug deeper and found several other similar apps making money off the same scam, suggesting a wider disturbing trend, with scam apps regularly showing up in the App Store's top grossing lists.
Don't forget Apple's commission on all of those sales, which is yuuuuge. Apple is a willing participant in these scams.
I'm not a fan of anti-viruses, but sandboxing doesn't actually prevent viruses; it just makes it more difficult, as someone needs to break the sandbox. Though it also means a well-behaved AV wouldn't be able to function, as it wouldn't have access outside the sandbox.
I guess this is the level of technical knowledge we get by allowing tech blogs on Slashdot.
Down in the cafeteria?
The practice works by manipulating search ads to promote dubious apps in the App Store and then preys on unsuspecting users via the in-app purchase mechanism
That's not a scam, that's a business model.
lucm, indeed.
Courage to innovate... and not bother keeping an eye on your walled garden.
Heckuva job Timmay!
"Darwin"
This just makes this app even appier by forcing you to give up your LUDDITE money!
Apps!
This guy put out an app which would on-the-fly rewrite your memory on a Macintosh. It would defrag it to free up space and reduce the risk of crashing. You could actually watch the results in the About Mac window. Well, it seems that the 'free space' was achieved by the app itself closing! *laugh* Free for 7 days and then pay $5 to unlock it permanently. Lucky for me, I always wait for an update or two before plopping down the cash for software. --- Fast forward to today. This makes me wonder how many times the program has been updated. And how many versions of the iOS this has worked under. Because putting out a coin flip app that's here-today-gone-tomorrow is one thing. A scam which lasts the test of time is another.
Care killed the cat, but satisfaction brought it back.
or some machine learning thing of some sort. (Totally borrowed from this comment because it's soooooo spot on!).
AC comments get piped to
The number of apps worth paying for is vanishingly small. A handful of productivity apps might be worth paying for, but the most important ones from Google and others are free. Games are rarely worth paying for due to the limited interface (console or desktop are much better platforms).
I'm not sure why anyone would willingly sign into a payment prompt for such a thing. Only young children could fall for that (see Smurfberries).
for each purchase. Unless they go over 100,000$ then Apple settles for less.
Apple needs to establish a policy of re-reviewing, after the initial approval, all apps that exhibit unusual upward trends in the Top Grossing categories. They could use machine learning to "red flag" suspect apps, but then a human needs to take a closer look at the app itself to determine if it is legitimate or a scam. Given the large volume of apps submitted by developers for the App Store, it is inevitable that some bad ones will slide through the cracks. However, there is no good reason why a scummy app like this one was allowed to break into the Top 10 without showing up on Apple's radar.
They own Hot or Not, Blendr, Badoo, and probably others. It all pulls from the same servers but I suspect people are paying for each one. It's clever, but a scam. Probably legal though.
An appeal to Slashdot eds: this is the second story in a few days in which the headline simply refers to 'the app store', as though there is only one app store in the world. Reading further in both cases indicates that it is the Apple app store that is being referred to. As there are some (many?) of us who don't use and are not interested in Apple products, would it be unreasonable to ask that you identify precisely which app store is being referenced in the story?
Apple has a conflict of interest and a moral hazard. They get a cut of the in-app purchase revenue and also have a broader interest in the "app economy".
The mostly legitimate side of this is providing app vendors with additional revenue (raising the effective price of an app above $0.99) and the ability to sell a single app with additional features they can upsell.
Personally, I think this is an awful model for consumers as it leads to misleading app store descriptions -- yes, they will show in-app purchases, but you have to dig a little to find out what they are before you buy the app and sort out if the app you're looking at actually does what it describes without being a $10 app.
But worse, I think it encourages a scam-oriented system ripe for abuse. We've already seen the children's game category use it this way and Apple only slowly make it more difficult for kids to buy in-app advantages often necessary to succeed in games.
The App Store is a marketplace. First and foremost, that is its purpose.
The mandate that it be used as an exclusive avenue for applications supports a broader cybersecurity model. Note that it's not a "security" model, which is potentially broader...it's a "cybersecurity" model. It's not a social solution, and won't protect you from apps that are overpriced, poor in functionality, overstated in their benefit, etc. It's not a "Good Housekeeping Seal of Approval" for apps. It's not a mechanism to prevent lies or scams of a sort that are non-technical in nature, either. Yes, Apple will help out as they can, and pull out apps when they see this kind of thing going too far. But even that is a "best effort" kind of thing, and there are no technical measures that work very well at detecting such issues.
The best they can do is mandate and enforce a standard for in-app purchase notifications (which they do) so that you'll be able to see, in normal print, that you're about to pay $99/week for something. If you're enough of a fucking moron to still go forward with it, that's on you.
For your security, this post has been encrypted with ROT-13, twice.
If you are paying for software or content you are doing it right. People who make software, music, movies, or other things we want to use actually want to get paid for their work (imagine that). If no one is willing to actually pay for the stuff they use, the creators have to turn to other sources of revenue. Your app (or web page, or movie, or...) has to be loaded with ads or other 'revenue generators', instead of just focusing on providing you with great value that you are willing to pay for.
I was originally going to say "It pays to think like a criminal and wish I had thought of that idea" :( Sure would be nice to have that kind of income. But alas, what little morals I have said "no, that's wrong".
On a more serious side, though....if you can think like a criminal, it might help spot fraudulent activity like these app scammers. And avoid getting scammed.
I've always said English was my second language. Had Romeo and Juliet been written in C, I might have understood it.
...disable in-app purchases on your mobile account anyway unless you have a specific reason for leaving it enabled. I recently discovered what might have been bad programming, but it also could have been fraud. Back in 2008 I bought my first Android device, the G1, and a year later in 2009 I went on a long distance trip to see the U2 360 tour as they were not coming to my town. Google Maps was in its infancy, and was not super accurate. So, I purchased a third party GPS application. I used it for the trip, and then uninstalled it as it was a 30 day trial after which there was a 5.99 a month fee. Well, long story short, the app had been charging me 5.99 a month since 2009, and I didn't catch it till recently when I was looking at my bill detail for a different reason. Now my carrier refunded me all the charges back to the day I uninstalled the app. However, not everyone is going to get that lucky, so beware.
I started reading/describing this article to an accountant friend of mine, and she immediately said, "I am willing to bet money it is a money laundering scheme."
While I doubt that *all* of these types of apps are a laundering scheme, it makes sense: buy a whole bunch of iTunes gift cards, and launder it through the app store. The cut that Apple takes? Eh, not that much when you consider the efficiency of other laundering schemes. And as a bonus, you might also get some money on the side from stupid people also installing your app.