Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Developer Highlights How Fake Apps Scam Users Via Apple's In-App Purchasing System

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,176
37,136


Apple hosts millions of apps on the App Store, calling the platform a "safe and trusted" place to discover apps. While mainly true, Apple has come under criticism for hosting many different scam apps on the platform, some even raking in millions in revenue.

app-store-safe-secure.jpg

In February, developer Kosta Elefherious highlighted how many of his own apps, including the popular Apple Watch keyboard, FlickType, gets blatantly copied on the App Store. Eleftheriou says that copies of his apps can trick Apple's App Store algorithm into giving it prominence by fake ratings and five-star reviews.

Now, Eleftheriou has highlighted yet another scam app on the App Store. This time Eleftheriou is shining a light on how one scam app called "Privacy Assitant: StringVPN" uses Apple's in-app purchasing system to trick people into purchasing either a weekly, monthly, or yearly subscription for a fake VPN service.

The scam app promises to offer a "full-featured" and "safe" VPN experience, but that's not the case. The app has a total of 104 reviews and a 3.5/5 rating at the time of writing. The majority of reviews praise the app as being "perfect" and say it offers "the best experience ever." The masses of fake reviews posted by the developer tricks Apple's App Store algorithm into boosting its appearance in search results, making it easier for other users to discover and download the app.

However, there are real reviews posted by users scammed by the app in the barrage of fake reviews. One user says the app tricked them into purchasing its yearly $89.99 subscription without the option to chose weekly or monthly, and notes how the app looks like a legitimate VPN app.
They did not show the different payment options for weekly or monthly. Yearly was the only option. I'm reporting to Apple to get a refund. There is no way to contact them directly, and there are no reviews when I did a Google search on this App... It tries to look like a "strongVPN" app, which has many positive reviews.
Click to expand...
Other legitimate App Store reviews describe an experience in which they received a pop-up in Safari encouraging them to download the app, only for the app to scam them into purchasing its expensive "subscription."
ITS A SCAM!!!!! IF YOU GOT A SECURITY ALERT THROUGH SAFARI ITS A SCAM!!!! DO NOT UNDER ANY CIRCUMSTANCES PUT YOUR INFO IN THIS APP!!!! THERE IS A REASON YOU CANT CANCEL YOUR SUBSCRIPTIONS!!!!!

Was charged for app from a pop up. Could not find a way to contact and request refund. Had to contact apple and report it. Was told I would be refunded. Still waiting for the refund. Will be reporting them over and over again!
Click to expand...
As Eleftheriou notes, the app is grossing around $1 million per month by scamming users, and is even ranked #32 at the time of writing in the App Store's Utilities category.

There are other alarm bells, such as the fact that the app's website is blank, and the developer lists a fake email with a fake domain provider for its "privacy contact." In a previously issued statement, Apple said it does not "tolerate fraudulent activity on the App Store" and that it will work hard to put in place "stringent rules against apps and developers who attempt to cheat the system."

Apple's in-app purchasing system, the center of this scamming tactic, has come under increased scrutiny recently. The criticism has come mainly from Epic Games, who are taking into question the fact that for every purchase made inside of an app, Apple takes a 30% commission from the revenue. In this case, even with the fake VPN app, Apple is earning a profit, at the expense of scammed users.

Article Link: Developer Highlights How Fake Apps Scam Users Via Apple's In-App Purchasing System
 
Article Link
https://www.macrumors.com/2021/04/07/developer-highlights-scam-apps-iap/
Last edited:
  • Like
Reactions: rumormiller
Apple is happy to sit on their hands. They're making a lot of money off these in-app purchases. It's only when the cost of negative press, unhappy users, and refunds outweighs the profit they are making now that anything will change.
 
  • Like
  • Disagree
Reactions: DeepIn2U, Hammerd, goobot and 18 others
One thing the mentioning of Epic Games got me thinking of:

Imagine they get their way and alternate payment / subscription methods are allowed in the App Store. How would you get a refund for a Scam App if they use another / their own payment provider? I imagine it will be MUCH harder than getting a refund from Apple.

The Scam Apps will always be there trying to get around any barriers Apple set up, but if they can charge you directly without going through Apple, they will be much more succesfull and much harder to stop.

I agree Apple is doing a very poor job of stopping them now (and make money themselves from the scams) but they DO have a point when they warn against alternate app stores and payment systems. But they need to be MUCH BETTER themselves at policing their store if they want to prove the benefit of the walled garden is real.
 
  • Like
  • Disagree
Reactions: peanuts_of_pathos, rjp1 and Mystakill
Fake reviews have been a thing on many platforms for years yet, oddly, more people trust online anonymous reviews than ever before. It’s not odd that the almighty algorithm brings these things to the forefront just like it does on YouTube and other places.

Buying based on a pop up ad (or scare tactic) in a web browser should also be a big raging clue that you shouldn’t download just based on that. Some degree of due diligence on the customer’s part should be expected.

That said, it is in Apple’s interest to do more to stop fake apps from coming in and to use more tools to identify potential suspect apps out there previously approved. I don’t know to what extent they research things on the store but at the profit margins they have right now for services they could easily hire several more people...
 
  • Like
Reactions: peanuts_of_pathos, ingik and opiapr
MacRumors said:


Apple hosts millions of apps on the App Store, calling the platform a "safe and trusted" place to discover apps. While mainly true, Apple has come under criticism for hosting many different scam apps on the platform, some even raking in millions in revenue.

app-store-safe-secure.jpg

In February, developer Kosta Elefherious highlighted how many of his own apps, including the popular Apple Watch keyboard, FlickType, gets blatantly copied on the App Store. Eleftheriou says that copies of his apps can trick Apple's App Store algorithm into giving it prominence by fake ratings and five-star reviews.

Now, Eleftheriou has highlighted yet another scam app on the App Store. This time Eleftheriou is shining a light on how one scam app called "Privacy Assitant: StringVPN" uses Apple's in-app purchasing system to trick people into purchasing either a weekly, monthly, or yearly subscription for a fake VPN service.

The scam app promises to offer a "full-featured" and "safe" VPN experience, but that's not the case. The app has a total of 104 reviews and a 3.5/5 rating at the time of writing. The majority of reviews praise the app as being "perfect" and say it offers "the best experience ever." The masses of fake reviews posted by the developer tricks Apple's App Store algorithm into boosting its appearance in search results, making it easier for other users to discover and download the app.

However, there are real reviews posted by users scammed by the app in the barrage of fake reviews. One user says the app tricked them into purchasing its yearly $89.99 subscription without the option to chose weekly or monthly, and notes how the app looks like a legitimate VPN app.
Other legitimate App Store reviews describe an experience in which they received a pop-up in Safari encouraging them to download the app, only for the app to scam them into purchasing its expensive "subscription."
As Eleftheriou notes, the app is grossing around $1 million per month by scamming users, and is even ranked #32 at the time of writing in the App Store's Utilities category.

There are other alarm bells, such as the fact that the app's website is blank, and the developer lists a fake email with a fake domain provider for its "privacy contact." In a previously issued statement, Apple said it does not "tolerate fraudulent activity on the App Store" and that it will work hard to put in place "stringent rules against apps and developers who attempt to cheat the system."

Apple's in-app purchasing system, the center of this scamming tactic, has come under increased scrutiny recently. The criticism has come mainly from Epic Games, who are taking into question the fact that for every purchase made inside of an app, Apple takes a 30% commission from the revenue. In this case, even with the fake VPN app, Apple is earning a profit, at the expense of scammed users.

Article Link: Developer Highlights How Fake Apps Scam Users Via Apple's In-App Purchasing System
Click to expand...
The only scam here are Apple Developers fees.....
 
  • Disagree
  • Like
Reactions: TiggrToo, ksec, Dan Holmstock and 1 other person
Peter321 said:
One thing the mentioning of Epic Games got me thinking of:

Imagine they get their way and alternate payment / subscription methods are allowed in the App Store. How would you get a refund for a Scam App if they use another / their own payment provider? I imagine it will be MUCH harder than getting a refund from Apple.

The Scam Apps will always be there trying to get around any barriers Apple set up, but if they can charge you directly without going through Apple, they will be much more succesfull and much harder to stop.

I agree Apple is doing a very poor job of stopping them now (and make money themselves from the scams) but they DO have a point when they warn against alternate app stores and payment systems. But they need to be MUCH BETTER themselves at policing their store if they want to prove the benefit of the walled garden is real.
Click to expand...
Great point. The bolded. If one gets scammed and Apple is not the centralized payment processor, good bye money.
 
  • Like
  • Disagree
Reactions: amartinez1660, peanuts_of_pathos, TiggrToo and 1 other person
jonplackett said:
So much for that walled garden. Seems like more of a small fence.
Click to expand...
The issue really is the hubris over any app found to be a scam/malware app, even the percentage is extremely low.

This doesn't bode well that what others want be better than the current system, and probably much worse. Apple does need to step up it's game here.
 
  • Like
Reactions: opiapr
Peter321 said:
One thing the mentioning of Epic Games got me thinking of:

Imagine they get their way and alternate payment / subscription methods are allowed in the App Store. How would you get a refund for a Scam App if they use another / their own payment provider? I imagine it will be MUCH harder than getting a refund from Apple.

The Scam Apps will always be there trying to get around any barriers Apple set up, but if they can charge you directly without going through Apple, they will be much more succesfull and much harder to stop.

I agree Apple is doing a very poor job of stopping them now (and make money themselves from the scams) but they DO have a point when they warn against alternate app stores and payment systems. But they need to be MUCH BETTER themselves at policing their store if they want to prove the benefit of the walled garden is real.
Click to expand...
I just got scammed the other day via iMessage. Of course you could get scammed via Safari or another browser. And what about all of the IAP that is non-digital where you’re not using Apple’s payment system? Apple needs to do a much better job policing the App Store and they should make it easier for customers to contact developers directly even if the developer is using Apple‘s IAP.
 
  • Like
Reactions: ipponrg and peanuts_of_pathos
Peter321 said:
One thing the mentioning of Epic Games got me thinking of:

Imagine they get their way and alternate payment / subscription methods are allowed in the App Store. How would you get a refund for a Scam App if they use another / their own payment provider? I imagine it will be MUCH harder than getting a refund from Apple.
Click to expand...
Why do you imagine this? Amazon is easy to get a refund for something, Apple isn't. 3rd parties using their own payment provider will provide the CS and no one can say whether any individual software company will be easy or hard to work with. You always have your CC / bank as a last defense. Dispute the charge. Easy.
 
  • Like
Reactions: peanuts_of_pathos, rjp1 and Dan Holmstock
Are bots approving apps or something at Apple?

It is going to be harder and harder to curate their store as it gets bigger. But you have to put your money where your mouth is, if Apple say its safe, and this is the way the store works, but provide no developer and consumer protection, its going to be hard to justify the no sideloading apps position. I'm not a fan of sideloading apps, but Apple need to get on this. Especially as they tout user privacy etc.
 
  • Like
Reactions: peanuts_of_pathos and rjp1
dmylrea said:
Why do you imagine this? Amazon is easy to get a refund for something, Apple isn't. 3rd parties using their own payment provider will provide the CS and no one can say whether any individual software company will be easy or hard to work with. You always have your CC / bank as a last defense. Dispute the charge. Easy.
Click to expand...
The point is more along the lines of:
- app store decentralization as some have been promoting
- payment processing decentralization as some have been promoting
- sideloading as some have been promoting

Any and all problems highlighted about the app store will multiply exponentially. It's not good for consumers overall.
 
  • Like
  • Disagree
Reactions: amartinez1660, peanuts_of_pathos, rumormiller and 2 others
Clearly Apple needs to do something here but then again, how stupid are people to spend $90 on a yearly VPN subscription without any option to just try it out?

Seems there is a legit business case for addressing the needs of people feeling they can trust anything put in their face!
 
  • Like
Reactions: Will Co
Another cheap trick is advertising removal subscription, not managed by in app subscription, but directly with the app vendor site. Apparently Apple AppStore has no idea about this.
 
joshwenke said:
Apple is happy to sit on their hands. They're making a lot of money off these in-app purchases. It's only when the cost of negative press, unhappy users, and refunds outweighs the profit they are making now that anything will change.
Click to expand...

This just shows that its not really Apple making the sale, but the Dev making the sale and Apple getting a cut. Its all fundamentally profit for Apple. Only when things hit the press they do something. Otherwise, they are very good and quick in enforcing policies in and around their cut.

The Apps you love from the only place you can get them on your phone.
 
Rogifan said:
I just got scammed via iMessage. Called my credit card company, opened a dispute and within 2 days I had a refund on my card.
Click to expand...
And you are a very tech-savvy, very smart person (I have followed and admired your posts for years). If you can get scammed, that's a warning to all of us. Good to hear you got a refund.
 
  • Like
Reactions: rjp1 and Dan Holmstock
"Report a problem" does nothing? There is also the option "suspicious activities" (or something like that). If you report something here, will it be get ignored?
 
  • Like
Reactions: peanuts_of_pathos
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back