Report Reveals In-App Purchase Scams In the App Store (macrumors.com)
In a Medium article titled How to Make $80,000 Per Month On the Apple App Store, Johnny Lin uncovers a scamming trend in which apps advertising fake services are making thousands of dollars a month from in-app purchases. The practice works by manipulating search ads to promote dubious apps in the App Store and then preys on unsuspecting users via the in-app purchase mechanism. MacRumors reports: "I scrolled down the list in the Productivity category and saw apps from well-known companies like Dropbox, Evernote, and Microsoft," said Lin. "That was to be expected. But what's this? The #10 Top Grossing Productivity app (as of June 7th, 2017) was an app called 'Mobile protection :Clean & Security VPN.' Given the terrible title of this app (inconsistent capitalization, misplaced colon, and grammatically nonsensical 'Clean & Security VPN?'), I was sure this was a bug in the rankings algorithm. So I check Sensor Tower for an estimate of the app's revenue, which showed ... $80,000 per month?? That couldn't possibly be right. Now I was really curious." To learn how this could be, Lin installed and ran the app, and was soon prompted to start a "free trial" for an "anti-virus scanner" (iOS does not need anti-virus software thanks to Apple's sandboxing rules for individual apps). Tapping on the trial offer then threw up a Touch ID authentication prompt containing the text "You will pay $99.99 for a 7-day subscription starting Jun 9, 2017." Lin was one touch away from paying $400 a month for a non-existent service offered by a scammer. Lin dug deeper and found several other similar apps making money off the same scam, suggesting a wider disturbing trend, with scam apps regularly showing up in the App Store's top grossing lists.
I'm not a fan of anti-viruses, but sandboxing doesn't actually prevent viruses; it just makes it more difficult, as someone needs to break the sandbox. Though it also means a well-behaved AV wouldn't be able to function, as it wouldn't have access outside the sandbox.
I guess this is the level of technical knowledge we get by allowing tech blogs on Slashdot.
The practice works by manipulating search ads to promote dubious apps in the App Store and then preys on unsuspecting users via the in-app purchase mechanism
That's not a scam, that's a business model.
lucm, indeed.
"Darwin"
This just makes this app even appier by forcing you to give up your LUDDITE money!
Apps!
The whole point of the walled-garden, aka App Store, is to prevent exactly this sort of thing. The fact that this sort of thing is able to exist for more than 5 minutes simply shows that Apple is perfectly willing to take its 30% commission and turn a blind eye to scams.
This guy put out an app which would on-the-fly rewrite your memory on a Macintosh. It would defrag it to free up space and reduce the risk of crashing. You could actually watch the results in the About Mac window. Well, it seems that the 'free space' was achieved by the app itself closing! *laugh* Free for 7 days and then pay $5 to unlock it permanently. Lucky for me, I always wait for an update or two before plopping down the cash for software. --- Fast forward to today. This makes me wonder how many times has the program been updated. And how many versions of the iOS has this worked under. Because putting out a coin flip app that's here-today-gone-tomorrow is one thing. A scam which lasts the test of time is another.
Care killed the cat, but satisfaction brought it back.
The whole point of the walled-garden, aka App Store, is to prevent exactly this sort of thing. The fact that this sort of thing is able to exist for more than 5 minutes simply shows that Apple is perfectly willing to take its 30% commission and turn a blind eye to scams.
Hyperbolic much?
What happens to you when you encounter a real problem like when you forgot to buy Doritos at the store?
Faster! Faster! Faster would be better!
or some machine learning thing of some sort. (Totally borrowed from this comment because it's soooooo spot on!).
AC comments get piped to
for each purchase. Unless they go over 100,000$ then Apple settles for less.
An appeal to Slashdot eds: this is the second story in a few days in which the headline simply refers to 'the app store', as though there is only one app store in the world. Reading further in both cases indicates that it is the Apple app store that is being referred to. As there are some (many?) of us who don't use and are not interested in Apple products, would it be unreasonable to ask that you identify precisely which app store is being referenced in the story?
He's right though. There's a point where an obvious scam is so blatant and easy to detect that you have to start going up the chain with a length of rope.
Don't forget Apple's commission on all of those sales, which is yuuuuge. Apple is a willing participant in these scams.
Yeah. Of course Google also makes 30% on all in-app scams on the Playstore. This adds up.
Of course news about a fake are Fake News.
Apple has a conflict of interest and a moral hazard. They get a cut of the in-app purchase revenue and also have a broader interest in the "app economy".
The mostly legitimate side of this is providing app vendors with additional revenue (raising the effective price of an app above $0.99) and the ability to sell a single app with additional features they can upsell.
Personally, I think this is an awful model for consumers as it leads to misleading app store descriptions -- yes, they will show in-app purchases, but you have to dig a little to find out what they are before you buy the app and sort out if the app you're looking at actually does what it describes without being a $10 app.
But worse, I think it encourages a scam-oriented system ripe for abuse. We've already seen the children's game category use it this way and Apple only slowly make it more difficult for kids to buy in-app advantages often necessary to succeed in games.
The App Store is a marketplace. First and foremost, that is its purpose.
The mandate that it be used as an exclusive avenue for applications supports a broader cybersecurity model. Note that it's not a "security" model, which is potentially broader... it's a "cybersecurity" model. It's not a social solution, and won't protect you from apps that are overpriced, poor in functionality, overstated in their benefit, etc. It's not a "Good Housekeeping Seal of Approval" for apps. It's not a mechanism to prevent lies or scams of a sort that are non-technical in nature, either. Yes, Apple will help out as they can, and pull out apps when they see this kind of thing going too far. But even that is a "best effort" kind of thing, and there are no technical measures that work very well at detecting such issues.
The best they can do is mandate and enforce a standard for in-app purchase notifications (which they do) so that you'll be able to see, in normal print, that you're about to pay $99/week for something. If you're enough of a fucking moron to still go forward with it, that's on you.
For your security, this post has been encrypted with ROT-13, twice.
If you are paying for software or content you are doing it right. People who make software, music, movies, or other things we want to use actually want to get paid for their work (imagine that). If no one is willing to actually pay for the stuff they use, the creators have to turn to other sources of revenue. Your app (or web page, or movie, or...) has to be loaded with ads or other 'revenue generators', instead of just focusing on providing you with great value that you are willing to pay for.
I was originally going to say "It pays to think like a criminal and wish I had thought of that idea" :( Sure would be nice to have that kind of income. But, alas, what little morals I have said "no, that's wrong".
On a more serious side, though... if you can think like a criminal, it might help spot fraudulent activity like these app scammers. And avoid getting scammed.
I've always said English was my second language. Had Romeo and Juliet been written in C, I might have understood it.
The whole point of the walled-garden, aka App Store, is to prevent exactly this sort of thing. The fact that this sort of thing is able to exist for more than 5 minutes simply shows that Apple is perfectly willing to take its 30% commission and turn a blind eye to scams.
Hyperbolic much?
Doesn't look particularly hyperbolic to me. Looks like a reasonable- if sceptical- conclusion, given the evidence. Honestly, you can disagree with it, but it doesn't seem overly "hyperbolic" given Apple's power over their curated app store.
What happens to you when you encounter a real problem like when you forgot to buy Doritos at the store?
What's the point you're allegedly making here? That such things are a "Mom's basement dweller" problem?
It's 2017. We're long past the "Internet is for nerds" era. We're even long past the point where we have to point out that this is no longer the case... every man and his dog, and "Mom" herself has an Internet-connected smartphone these days. This appears to be a scam targeted at these less tech-literate users.
You're suggesting it's not a problem that one of the largest smartphone manufacturers doesn't appear to be doing enough to stop obvious scams that it should be in their power to police- within their walled-garden app store (as OP suggests, this is allegedly the whole point)?
This is barely even a "first world problem" any more. iPhones may arguably still be first world luxuries, but lower-end Android smartphones and the like are being pushed in developing countries, and such issues are no longer solely the concern of rich nerds with their playthings.
So, yeah. What was your point? Or was it just a bit of disingenuous shaming combined with the barely-veiled "basement nerd" cliche in order to shut down the argument without actually saying what was wrong with it?
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
I started reading/describing this article to an accountant friend of mine, and she immediately said, "I am willing to bet money it is a money laundering scheme"
While I doubt that *all* of these types of apps are a laundering scheme, it makes sense: buy a whole bunch of iTunes gift cards, and launder it through the App Store. The cut that Apple takes? Eh, not that much when you consider the efficiency of other laundering schemes. And as a bonus, you might also get some money on the side from stupid people also installing your app.