Thursday, April 22, 2021

The App Store Isn’t Catching the Most Egregious Scams

Nick Heer:

One more thing that I think is critical is that it is, right now, impossible to flag an app as a rule-breaker or a scam. Say you download an app and it is, in some way, worth reporting to Apple. Let’s start in the App Store, where there is no button to report an app, not even in the app listing’s share menu. If you go to Apple’s Report a Problem website, you will see all of your purchases and downloads from your Apple ID, and you will be asked a question, “What can we help you with?” with a dropdown menu containing these options[…] If you pick the last one, you’ll be sent to a screen where you will be told to contact Apple Support if you think your Apple ID has been compromised; it has nothing to do with the items you purchased or downloaded.


But it appears that, if a scam makes its way into the App Store, Apple is entirely dependent on users posting on social media or contacting Apple through another channel to be alerted to problems.

Sean Hollister:

Recently, I reached out to the most profitable company in the world to ask a series of basic questions. I wanted to understand: how is a single man making the entire Apple App Store review team look silly? Particularly now that Apple’s in the fight of its life, both in the courts and in Congress later today, to prove its App Store is a well-run system that keeps users safe instead of a monopoly that needs to be broken up.

That man’s name is Kosta Eleftheriou, and over the past few months, he’s made a convincing case that Apple is either uninterested or incompetent at stopping multimillion-dollar scams in its own App Store. He’s repeatedly found scam apps that prey on ordinary iPhone and iPad owners by luring them into a “free trial” of an app with seemingly thousands of fake 5-star reviews, only to charge them outrageous sums of money for a recurring subscription that many don’t understand how to cancel. “It’s a situation that most communities are blind to because of how Apple is essentially brainwashing people into believing the App Store is a trusted place,” he tells The Verge.


And we’re starting to hear from Apple insiders, too, that the company’s claims about App Store security are overblown. Eric Friedman, the head of the company’s Fraud Engineering Algorithms and Risk (FEAR) team, will be testifying in next month’s Epic Games trial. In a recent deposition he spoke of the App Review team as “bringing a plastic butter knife to a gun fight” and “more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog.” His team reportedly believed App Review’s job was incentivized to get apps “through the pipe” and “move people through” like TSA employees.


By the way: you know that app that John Gruber helped draw attention to in 2019, the one that reportedly charged $10 every week for wallpaper you could find free online? It’s still on the App Store. Never got removed.

Nick Heer:

It is remarkable because it is so simple. Hollister was easily able to replicate Eleftheriou’s scam-finding techniques, which combine data that Apple makes publicly available and information estimated by SensorTower. Some of these scams are raking in, according to Eleftheriou and SensorTower’s data, millions of dollars per year, and they are plentiful.

Ben Thompson:

App Review [somehow] seems far more effective in figuring out how to navigate from a privacy policy on a web page to a purchase page (and subsequently rejecting the app) than it is in rooting out scams.

David Heinemeier Hansson:

Now the problem is that Apple is de facto an accomplice to fraud. They knowingly aided and abetted scams that preyed on consumers and cost them millions. They were alerted and warned, specifically and repeatedly, about these scams, and not only did they do nothing, they continued to profit from the scams! Every scam that ran through the in-app payment system paid Apple a 30% cut of the take.


Update (2021-05-05): Kosta Eleftheriou:

Apple’s non-answers to Senator @ossoff’s great questions in yesterday’s hearing should anger all of us. They did not offer any explanation for why it’s so easy for me to keep finding multi-million-dollar @AppStore scams that have been operating for years.

Kosta Eleftheriou:

Two years later, the developer account of a fraudulent and LIFE THREATENING app is still up on the @AppStore! 🤯

Update (2021-05-07): Juli Clover:

At the time, Temple Run was a super popular iOS exclusive title, and in February 2012, a fake version of Temple Run hit the App Store charts. Schiller sent out an email to Eddy Cue, Greg Joswiak, Ron Okamoto, Phillip Shoemaker, Matt Fischer, Kevin Saul, and others on the App Store team. “What the hell is this????” he asked. “How does an obvious rip off of the super popular Temple Run, with no screenshots, garbage marketing text, and almost all 1-star ratings become the #1 free app on the store?”

“Is no one reviewing these apps? Is no one minding the store?” he ranted on, before asking whether people remembered a talk about becoming the “Nordstrom” of App Stores in quality of service.


Oh, spin me once again a yarn about how the App Store is inherently slathered in discerning curation; so discerning that low effort scams emerge, and so discerning that automated processes are dreamed up to salvage the situation, with automatically triggered removal of already approved applications without consideration for due process or developer impact the inevitable and apparently desirable outcome.


4 Comments

Do I have to say it? This is far more egregious than anything Scott Forstall ever “did.”

It’s time for Schiller and Cook to step aside and let the chips fall where they may with $AAPL.

Taleb’s Iron Law: if you see fraud and do not say fraud you are a fraud.

What about if you condone fraud for....years, and take a cut of it? That’s Schiller and Cook now and they need to go.

Really it's even easier for Apple to stop than I've seen suggested in any of the articles about it -- since Apple is the one paying out to developers, all they have to do is look at the list of apps that pull in say, more than some significant amount per month (maybe $25k+?) and filter out the developers that they can trust aren't scammers (Adobe, Microsoft, Nintendo, etc). What's left should be a manageably short list of apps that are making tons of money, and it'd be easy to go through them and find out which ones are questionable and worth further scrutiny based on the number of quickly canceled/refunded subscriptions and subscription costs that are out of line with what the app claims to do, etc.

The big question to me is how are so many legit, useful, fairly priced apps constantly having trouble getting approved (and have to go to Twitter/media to get Apple's attention) yet these totally obvious scam apps with obscene subscription prices sail right through app review?

"filter out the developers that they can trust aren't scammers (Adobe, Microsoft, Nintendo, etc)"

I'm pretty sure part of the reason Apple doesn't do this is that there are tens of thousands of devs that make a crapton of money with (potentially illegal) casino apps. This list includes Nintendo, ironically. Once Apple starts being stricter with trying to define what a scam is, people will suddenly start wondering why enticing kids to gamble doesn't qualify. And once that revenue is gone, the money Apple makes from its App Store will be a fraction of what it is now.

Apple has made itself dependent on these scams. I'm sure Apple's shareholders won't like suddenly losing tens of billions of dollars off Apple's revenue.

[…] Apple is uniquely suited to protecting its users from fraud and abuse. But it has also repeatedly struggled with preventing pretty obvious scams. I do not think its failure to achieve a perfect success rate […]
