Cracks begin to show in the security of Apple’s App Store
Apps are tricking people into using their fingerprint to make purchases.
Apple’s ecosystem is often called a “walled garden” due to how tightly Apple controls every aspect of it. That includes a large team of reviewers that look over every single submission and update for over 2 million apps in the App Store for iOS.
That review process can be circumvented: in the past, hackers have tricked developers in order to get malicious code past the reviewers. Now it seems that the review process itself isn’t infallible either, with two examples of malicious apps that steal money through in-app purchases making it into the App Store.
Here’s what is going on
One app that 9to5Mac put the spotlight on uses the iPhone fingerprint scanner to trick the user into making purchases they didn’t intend to. The app told users that it could read their heart rate through their fingerprint.
That’s impossible for the hardware on the iPhone to do. It was all a ploy to get the user to hold their finger on the TouchID scanner, which would then approve the in-app purchase the scammer wanted. This could be up to $120 at a time from your credit card.
A similar app called “Fitness Balance” was shared on Reddit over the weekend. It also tricked users into putting their finger on the TouchID sensor, scamming them out of money with fraudulent in-app purchases.
.@AppleSupport this app called Fitness Balance is trying to scam people out of $100+ dollars by tricking them into purchasing their in-app purchases. It is unacceptable this app managed to get on your App Store. pic.twitter.com/I68vwQoG86
— Jacques Fourie (@Jac4e) November 29, 2018
The apps discussed on Reddit and by 9to5Mac have been removed from the App Store.
Apple and the App Store
As revenue from the App Store becomes more central to Apple’s business strategy, scams are only going to increase in frequency and deviousness. The Cupertino-based company has recently refocused investor attention on its online services and has said that it will stop publicly revealing iPhone sales figures.
Obviously, some apps are falling through the cracks in the human review process. Still, two apps (that we know of) out of millions isn’t bad. Google’s Play Store also had a recent spate of malware, with around 500,000 users affected.