Connect with us

Apps

Cracks begin to show in the security of Apple’s App Store

Apps are tricking people into using their fingerprint to make purchases.

Apple logo privacy
Image: Unsplash

Apple’s ecosystem is often called a “walled garden” due to how tightly Apple controls every aspect of it. That includes a large team of reviewers that look over every single submission and update for over 2 million apps in the App Store for iOS.

That review process can be circumvented, with hackers tricking devs in the past to get malicious code past the watchers. Now it seems that the review process itself isn’t infallible, with two examples of malicious apps that steal money in the form of in-app purchases getting into the App Store.

Here’s what is going on

One app that 9to5Mac put the spotlight on uses the iPhone fingerprint scanner to trick the user into making purchases they didn’t intend to. The app told users that it could read their heart rate through their fingerprint.

That’s impossible for the hardware on the iPhone to do, it was all to trick the user into holding their fingerprint on the TouchID scanner which would then approve the in-app purchase the scammer wanted. This could be up to $120 at a time from your credit card.

A similar app called “Fitness Balance” was also shared on Reddit over the weekend, also tricking users to put their fingerprint onto the TouchID sensor to scam them out of money with fraudulent in-app purchases.

https://twitter.com/Jac4e/status/1068222012059860992

The apps discussed on Reddit and by 9to5Mac have been removed from the App Store.

Apple and the App Store

As revenue from the App Store becomes more of a central push of Apple’s business strategy, scams are only going to increase in frequency and deviousness. The Cupertino-based company has recently refocused investor attention on its online services and has said that it will stop publicly revealing iPhone sales figures.

With Apple encouraging developers to adopt subscription models for their apps so they can collect regular recurring revenue, this opens the door to scams. Are apps with in-app purchase functions given less scrutiny in the review process? Apple’s CEO Tim Cook has gone on record saying that “We’re looking at every app in detail. What it is doing, is it doing what it’s saying it’s doing, is it meeting the privacy policy that they’re stating, right?”

Obviously, some apps are falling through the cracks in the human review process. Still, two apps (that we know of) out of millions isn’t bad. Google’s Play Store also had a recent spate of malware, with around 500,000 users affected.

What do you think? Have you been deceived by any apps on the App Store? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere. His hobbies include photography, animation, and hoarding Reddit gold.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Apps