This past week over at Medium, Johnny Lin had an excellent investigation into a series of scam apps that are making thousands on the App Store.
Apple announced right before WWDC that it has now paid developers over $70 billion since the App Store launch, of which over a third comes from the last year. That’s a major increase, yet Lin realized his friends hadn’t been buying things on the App Store more often.
So he investigated. Here’s what he found.
Looking at the Charts
If you take a look at the App Store charts, things start off pretty normal. Things like Netflix and Pokemon Go, but then you get to around 10, and you see “Mobile Protection: Clean & Security VPN.”
Poor grammar aside here’s an essential first tip: Your iPhone does not need security software.
Due to the way iOS is set up, iOS is almost impenetrable
And even if it were, an app that could combat that on a system level would be against App Store rules.
Additionally, the description raises some red flags.
Lin checked Analytics for this app, thinking it must be an error and found it had a projected revenue of $80,000 a month. How could this be? He downloaded the app to see more.
Inside Mobile Protection: Clean & Security VPN
Once you enter the app, you see some suspicious behavior.
“This app needs to access to your Contact to scan your Contact first.” Uhh… nope. Always make sure to read a dialogue box before accepting. Why should a security app need access to your contacts?
Once past this step, the app is nonsense, claiming your device is at risk while (maybe) checking for duplicate contacts. Be sure to check out Lin’s full article for all of its oddities, but the real kicker came at the end:
And obviously, I jump at the opportunity to “Instantly use full of smart anti-virus” by tapping “FREE TRIAL”. It’s free, after all
Touch ID? Okay! Wait… let’s read the fine print:
“Full Virus, Malware scanner”: What? I’m pretty sure it’s impossible for any app to scan my iPhone for viruses or malware, since third party apps are sandboxed to their own data, but let’s keep reading…
“You will pay $99.99 for a 7-day subscription”
Uhh… come again?
Hidden in a small line in a confusing text is a message that you will be paying $99.99 a week. It’s important to note that this is also recurring, and will not stop until canceled. Now, think about if you know how to cancel a subscription on your iPhone. If you don’t, you may have fallen for this, but we’ll tell you how later on.
How to Avoid Scammers on the Apple AppStore
Please read the rest of Lin’s article where he discusses in detail how this came to be and how scammers are taking advantage of the system because it is excellent.
Here, let’s talk about how to avoid getting scammed.
Do not download any form of security/virus app from the App Store
You do not need it, and due to the setup of iOS, it can’t do anything but harm.
Second, always read dialogue boxes
This includes things like the contact box we saw earlier and the Purchase action we saw in the app.
Lastly, if you do ever buy something accidentally, call Apple to cancel it and report it
Alerting them of scammers helps remove them from the environment. But if you do want to cancel a subscription on a device, here is how:
To cancel a subscription on a device
- Go to Settings
- Tap on your name, which should be the first option
- Click on iTunes and App Store
- Tap on Apple ID and then View Apple ID
- Select Subscriptions
- Click on a Subscription to Unsubscribe
It seems since the posting of Lin’s article, the featured scam app has been removed from the App Store. Hopefully, this leads to a larger sting into all scams in the Apple ecosystem, but for now, be vigilant.