{"id":32231,"date":"2021-04-22T15:53:48","date_gmt":"2021-04-22T19:53:48","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=32231"},"modified":"2021-05-07T14:30:24","modified_gmt":"2021-05-07T18:30:24","slug":"the-app-store-isnt-catching-the-most-egregious-scams","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/04\/22\/the-app-store-isnt-catching-the-most-egregious-scams\/","title":{"rendered":"The App Store Isn’t Catching the Most Egregious Scams"},"content":{"rendered":"

Nick Heer<\/a>:<\/p>\n

\n

One more thing that I think is critical is that it is, right now, impossible to flag an app as a rule-breaker or a scam. Say you download an app and it is, in some way, worth reported to Apple. Let’s start in the App Store, where there is no button to report an app, not even in the app listing’s share menu. If you go to Apple’s Report a Problem<\/a> website, you will see all of your purchases and downloads from your Apple ID, and you will be be asked a question, “What can we help you with?” for a dropdown menu containing these options[…] If you pick the last one, you’ll be sent to a screen where you will be told to contact Apple Support if you think your Apple ID has been compromised; it has nothing to do with the items you purchased or downloaded.<\/p>\n

[…]<\/p>\n

But it appears that, if a scam makes its way into the App Store, Apple is entirely dependent on users posting on social media or contacting Apple through another channel to be alerted to problems.<\/p>\n<\/blockquote>\n\n

Sean Hollister<\/a>:<\/p>\n

Recently, I reached out to the most profitable company in the world to ask a series of basic questions. I wanted to understand: how is a single man making the entire Apple App Store review team look silly? Particularly now that Apple’s in the fight of its life, both in the courts<\/a> and in Congress later today<\/a>, to prove its App Store is a well-run system that keeps users safe instead of a monopoly that needs to be broken up.<\/p>\n

That man’s name is Kosta Eleftheriou<\/a>, and over the past few months, he’s made a convincing case that Apple is either uninterested or incompetent at stopping multimillion-dollar scams in its own App Store. He’s repeatedly found scam apps that prey on ordinary iPhone and iPad owners by luring them into a “free trial” of an app with seemingly thousands of fake 5-star reviews, only to charge them outrageous sums of money for a recurring subscription that many don’t understand how to cancel. “It’s a situation that most communities are blind to because of how Apple is essentially brainwashing people into believing the App Store is a trusted place,” he tells The Verge<\/em>.<\/p>\n

[…]<\/p>\n

And we’re starting to hear from Apple insiders, too, that the company’s claims about App Store security are overblown. Eric Friedman, the head of the company’s Fraud Engineering Algorithms and Risk (FEAR) team, will be testifying in next month’s Epic Games trial. In a recent deposition he spoke of the App Review team as “bringing a plastic butter knife to a gun fight” and “more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog.” His team reportedly believed App Review’s job was incentivized to get apps “through the pipe” and “move people through” like TSA employees.<\/p>\n

[…]<\/p>\n

By the way: you know that app that John Gruber helped draw attention to in 2019, the one that reportedly charged $10 every week for wallpaper you could find free online? It’s still on the App Store<\/a>. Never got removed.<\/p><\/blockquote>\n\n

Nick Heer<\/a>:<\/p>\n

It is remarkable because it is so simple. Hollister was easily able to replicate Eleftheriou’s scam-finding techniques, which combines data that Apple makes publicly available and information estimated by SensorTower. Some of these scams are raking in, according to Eleftheriou and SensorTower’s data, millions of dollars per year, and they are plentiful.<\/p><\/blockquote>\n\n

Ben Thompson<\/a>:<\/p>\n

App Review [somehow] seems far more effective in figuring out how to navigate from a privacy policy on a web page to a purchase page (and subsequently rejecting the app) than it is in rooting out scams. <\/p><\/blockquote>\n\n

David Heinemeier Hansson<\/a>:<\/p>\n

\n

Now the problem is that Apple is defacto an accomplice to fraud. They knowingly aided and abetted scams that preyed on consumers and cost them millions. They were alerted and warned, specifically and repeatedly, about these scams, and not only did they do nothing, they continued to profit from the scams! Every scam that ran through the in-app payment system paid Apple a 30% cut of the take.<\/p>\n<\/blockquote>\n\n

Previously:<\/p>\n