In-App Purchase Scams in the App Store
Johnny Lin (Hacker News, MacRumors):
I scrolled down the list in the Productivity category and saw apps from well-known companies like Dropbox, Evernote, and Microsoft. That was to be expected. But what’s this? The #10 Top Grossing Productivity app (as of June 7th, 2017) was an app called “Mobile protection :Clean & Security VPN”.
[…]
Buried on the third line in a paragraph of text in small font, iOS casually tells me that laying my finger on the home button means I agree to start a $100 subscription. And not only that, but it’s $100 PER WEEK? I was one Touch ID away from a $400 A MONTH subscription to reroute all my internet traffic to a scammer?
[…]
Later, I dug deeper to find that unfortunately, these aren’t isolated incidents — they’re fairly common in the app store’s top grossing lists. And this isn’t just happening with security-related keywords. It seems like scammers are bidding on many other keywords.
There should be no “virus and malware” scanners in the App Store. None. iOS does not need anti-virus software. The App Store sandboxing rules mean that anti-virus software couldn’t really do anything useful anyway. And by allowing them to be listed on the store, it creates the false impression that Apple thinks you might need anti-virus software.
But do-nothing anti-virus utilities that are scamming people into $100/week subscriptions? That’s downright criminal.
[…]
Given how many legitimate developers are still having problems getting their apps approved due to seemingly capricious App Store reviewer decisions, it’s doubly outrageous that these apps have made their way onto the store in the first place. These are the exact sort of apps that the App Store review process should be primarily looking to block.
The scams wouldn’t be possible on this scale without App Store search ads.
See also: Vienna, Icon Factory, PCalc.