Wednesday, February 3, 2021

Scammy KeyWatch and Trezor Apps

Kosta Eleftheriou (Hacker News):

Just a few months ago, I was way ahead of my competition. By the time they figured out just how hard autocorrect algorithms were, I was already rolling out the swipe version of my keyboard, quickly approaching iPhone typing speeds. So how did they beat me?🤔

First, they made an app that appeared to fulfill the promise of a watch keyboard - but was practically unusable. Then, they started heavily advertising on FB & Instagram, using my own promo video, of my own app, with my actual name on it[…]

But wait, you say. People will see it doesn’t work well & not give any money - surely! Well, this is the first screen you get upon launching the app: zero explanation, no close button, no price. Tap to “unlock”, and you’re now 1 step away from confirming a $416/year subscription.


Fake ratings, and fake reviews. These quickly push the scams to the top of search results, leaving honest & hard-working developers in the dust. An old problem that’s not easy to solve, but one that’s at the core of why App Store app discovery is so problematic.

David Smith:

Stories like this are so discouraging to me. I’ve been hit by these “pump-and-junk” app schemes many times myself.

I get that defining the line between “bad app w/ high price” and “scam” is challenging but there has to be a better way than what we currently have.

Peter N Lewis:

The Apple App Store is so full of scammers and so lousy at search that if Apple ever did allow third party stores it is certain that a properly curated third party store would be much safer for users. So Apple arguing that the App Store makes users safer is utterly bogus.

Michael Love:

The fundamental problem with App Review is that it necessarily involves a lot of “I know it when I see it” decisions, and yet the volume of submissions + Apple’s treatment of it as a cost-center means reviewers have neither the resources nor the authority to make those decisions.

santisiri (via David Heinemeier Hansson):

a very good friend of mine lost his life savings because of this phishing app that was available on the app store.

Kosta Eleftheriou:

While the “KeyWatch” $300k/month scam was removed, Apple did not take down their developer account.

Not only that, but their other scam, “GPS Speedometer”, remains on the App Store stealing $200k/month from unsuspecting people, with $416/year subscriptions.😱


Update (2021-02-05): Natasha Lomas (via Hacker News):

“They put you in contact with the other developer in question, and oversee the thread while they hope you will resolve the issue with the other party directly,” he explains. “The scammers I complained about in that dispute weren’t even the bigger scammers I mention in my Twitter thread. Yet, the complaint I had with them barely got addressed, and there was no response from Apple whatsoever on the issue of the fake ratings and reviews. Simply a ‘if we don’t hear back from you very soon we consider the matter resolved’. We even reached out to Apple privately after that but got no response.”

“What was most impressive to me, was that in the presence of the Apple legal team, the scammers did not feel threatened one bit — almost as if they know Apple is unlikely to do anything,” he adds. “In my view, Apple simply does not devote enough resources on this area.”


A core part of the USP for its App Store is the claim that Apple’s review process sums to a higher quality, more trustworthy experience than alternative marketplaces that aren’t so carefully overseen.

So a failure to do more to enforce against review scams and rating manipulations risks taking a lot more shine off Apple’s brand than Cupertino should be comfortable with.

David Barnard:

Steps to reproduce:

1. Search a high traffic keyword like wallpapers, scanner, VPN, etc.
2. Download the top 5 search results
3. At least one (often multiple) will be shady apps pushing expensive weekly subscriptions using various dark patterns
4. Get mad at Apple all over again

Nick Heer:

There is a threefold compounding problem here:

  1. There are many apps in the App Store that are effectively counterfeits.

  2. They plant fake reviews to establish legitimacy.

  3. They abuse expensive subscriptions.

Update (2021-02-08): Kosta Eleftheriou:

Up to now, I’ve been in the “Apple wants to do the right thing” camp. My viewpoint is starting to change.

How to spot a $5M/year scam on the @AppStore, in 5 minutes flat[…]

Loren Brichter:

Apple is in the business of looking the other way.

The problem is that the company isn’t going to be able to kick the addiction without making the services metrics that Tim cares about start trending in the wrong direction.

Marco Arment:

Apple could prevent SO MANY App Store misleading-subscription scams if they eliminated weekly billing as an option.

The shortest subscription interval should be monthly, since that’s how most consumers think about most ongoing costs. (That’s why the weekly subs mislead so many!)

Ryan Jones:

Fix the root cause instead:

  1. Payment terms bigger than font size 7 on confirmation screen.
  2. Universal IAP picker screen, designed by Apple and required.

David Barnard:

Here’s another stab at redesigning the “buy sheet” using the current design language.

Michael Love:

This seriously shouldn’t be hard. Every app with more than say $10k/year in IAP revenue - which is not that many! - gets looked at 2x year by someone who’s specifically charged with detecting scams; if they flag it then it goes to a more detailed review by sb with authority.

Update (2021-02-09): Tim Hardwick (also: 9to5Mac):

Since that time, Eleftheriou has been on a Twitter crusade to expose more scam apps in the App Store, such as the so-called star gazing app that goes by the name “Star Gazer+” and basically uses the same time-proven strategy of masquerading as a genuine app that’s barely functional and hoodwinks users into an exorbitant in-app weekly subscription fee.

As of writing, the scam app “Star Gazer+” is still listed on the App Store with 4.5 star average rating and over 80,000 reviews.

See also: David Heinemeier Hansson.

Update (2021-02-10): Cory Zanoni:

There’s a lot we can’t know here. We don’t know how many scam apps get taken down quickly and we don’t know how many never make it through the review process. Maybe we only ever see 1% of those submitted to the store.

Update (2021-02-22): Stanislav Dvoychenko:

I’ve been reporting to Apple the app that is copying reviews from my app - with no result.

Kosta Eleftheriou:

Dear Worldwide Developer Relations Manager who has been trying to call me and my wife multiple times:

Unscheduled calls are not the best way to reach people these days. Same goes for App Review calls.

Also, email?🤷

David Heinemeier Hansson:

We dealt with the same issue during @heyhey’s summer of stress. Apple never wanted to have anything in writing. It was all on their internal systems where messages disappear or on phone calls with people using their first name only.


Kosta Eleftheriou:

So Apple finally publicly responded to my complaints.

Let’s take apart this embarrassingly generic boilerplate statement they gave to The Verge[…]

Paul Haddad:

Does the 500k developer account number seem off to anyone else? Sounds absurdly high to me. I know there’s plenty of fraud in the App Store but that many separate accounts? $50M worth?

Apple’s in a tough spot. They get flack if they don’t stop scams, they get flack if they flag the wrong person as a scammer. They’re probably doing a ton more to prevent scams than anyone realizes and yet seems like they should do more. 🤷‍♂️

Kosta Eleftheriou:

What Apple doesn’t want you to know about the App Store👇

“The apps you love, from a place you can trust” they tell you. But the reality is far from it.

A 4.5-star app? Might as well be a multi-million dollar scam.


The average star rating of an app can be trivially manipulated by any developer.


What follows is an incredibly buggy, ad-infested, poorly designed money-grabbing experience.


This is a third party app developed to trick people into downloading and paying for something that’s free if you have a Roku. They buy ads for “Roku Remote” but the app is “Roki Remote”.


Because the scammers keep buying positive ratings, the app remains highly rated - giving people a false sense of trust.

See also: Brendan Hesse.

Kosta Eleftheriou:

As another indication of how *not* seriously Apple is taking fake ratings, they unequivocally state: “If you attempt to […], manipulate ratings or App Store discovery […] you will be expelled from the Developer Program.”

Yet this happened[…]


Since early January, my attempts through the proper channels to report fake ratings scams have been fruitless - to put it mildly. My last attempt, below, unanswered. Apple is now effectively condoning scam behavior on the App Store by not taking action. A total travesty.

Joe Fabisevich:

I don’t have all the answers for fixing the App Store, but I don’t think you need all the answers up front to start improving the system. Taking what we learned about incentive design above, what I see Apple having is a resource allocation problem due to them not knowing who’s complying with the rules and contributing to the public good. With that in mind, a scoring system is where I would invest resources to know who’s having a net-positive and a net-negative effect on the App Store system.


App Store Preview would work similar to Apple’s current DTS system, where you can get hands-on help with a technical problem you’re having. A developer should be able to get pre-approval for an idea, in the context of their application, without having to build an entire feature (or application) before App Review deems it worthy. This would also provide context for future reviewers, knowing what to look for and what’s changed. The more a pre-approved version matches the reviewer’s expectations come review time, the higher the score the developer would receive. The higher their overall score over time (by some to-be-established scoring mechanism), the less scrutiny they would receive in the future.

More importantly though is the inverse. If someone doesn’t go through review, they implicitly receive more scrutiny.

Update (2021-03-09): Kosta Eleftheriou:

If you had any doubts at all about the Wild Wild West that are App Store ratings & reviews, someone is currently buying fake 5-star reviews for my own FlickType app - presumably so that Apple will take my app down.

Apple’s fake review detection is failing so miserably.

Jeff Johnson:

They’re coming for you like they came for @AppsExposed and they may win.

Update (2021-04-16): Sami Fathi (tweet):

Now, Eleftheriou has highlighted yet another scam app on the App Store. This time Eleftheriou is shining a light on how one scam app called “Privacy Assitant: StringVPN” uses Apple’s in-app purchasing system to trick people into purchasing either a weekly, monthly, or yearly subscription for a fake VPN service.

The scam app promises to offer a “full-featured” and “safe” VPN experience, but that’s not the case. The app has a total of 104 reviews and a 3.5/5 rating at the time of writing. The majority of reviews praise the app as being “perfect” and say it offers “the best experience ever.” The masses of fake reviews posted by the developer trick Apple’s App Store algorithm into boosting its appearance in search results, making it easier for other users to discover and download the app.

However, there are real reviews posted by users scammed by the app in the barrage of fake reviews. One user says the app tricked them into purchasing its yearly $89.99 subscription without the option to choose weekly or monthly, and notes how the app looks like a legitimate VPN app.

Kosta Eleftheriou:

I don’t know what’s worse about this app[…]

Kosta Eleftheriou:

This App Store scam is just too funny.

Kosta Eleftheriou:

Over a third of App Store reviews considered fake!🤯

Update (2021-06-05): Kosta Eleftheriou:

All 4 VPN scams I posted are now gone.

Did @Apple refund the MILLIONS of users that got scammed?

And did they let their own customers know they need to immediately stop using these apps?

3 Comments

Why does Apple have no dedicated phone number or email address to report this crap?

[…] you’ve read that post, hop over to this Michael Tsai rollup page with comments on another, perhaps more well circulated […]

Tim Cook ought to be addressing this problem as it’s helping to trash Apple’s reputation and is ripping off Apple’s customers.
