How developers scam Apple's App Store
Apple’s App Store has been a boon for the tech giant and developers alike. Since launching in 2008, more than 50 billion apps have been downloaded, and the store currently boasts more than 900,000 offerings. In the first quarter of 2013, Apple raked in $1.6 billion from apps alone, constituting 74 percent of the market share.
Suffice it to say, there's a lot of money to be made in these digital downloads, and much like any other highly profitable marketplace, scammers are finding ways to swipe a slice of the pie.
Enter iBlacklist Manager, an app that’s supposed to block unwanted phone calls. Despite blatant errors and user complaints, it’s not only still available in Apple’s App Store—it’s racking up thousands of downloads thanks to fake reviews and sleight-of-hand SEO.
Here’s a step-by-step look at how some app developers think iBlacklist Manager pulled it off.
1) Rip-off a popular jailbroken app
In 2007, a Brazilian developer created iBlacklist for iPhone for Cydia, a software that allows users to jailbreak—or remove the limitations from—their Apple devices. The highly praised app allows users to block any unwanted number from calling and texting them. For anyone who's ever had to deal with telemarketers or a spurned ex-significant other, it's a godsend.
Unfortunately, iBlacklist is not available for non-jailbroken iPhones. The homepage for the Cydia app discloses that in a red sign with a warning sign. The caution also notes that there is a fake app posing as iBlacklist available on the iTunes store.
This is the original.
And this is iBlacklist Manager, the imitator. Not only does the fake app rip off the name, but it blatantly steals the logo, too.
Even worse, the con app doesn't even work (more on that in the next section).
Because of the name recognition of the Cydia version of the app, and the fact that what it's promising is highly desirable—so much so that Apple announced that it was adding the feature to iOS7—the fraudulent application has jumped to the top 10 paid apps for productivity (as of this writing, it's currently No. 9), and it’s in the top 200 overall (currently No. 189), according to analytics site AppAnnie.com.
2) Get it approved by the App Store review team
This step in the scam has been the most difficult to expose largely because, by all accounts, the fraudulent app—as it stands—shouldn't even be in the iTunes App Store.
Apple is notorious for having a rigorous App review process. The quickest way to get an app thrown into the trash pile is for it to appear glitchy. iBlacklist Manager simply does not work.
This is what it looks like when opened. After a couple of seconds, the app crashes and goes straight to the home screen.
So how did it get approved in the first place? It's hard to say, but after speaking with several developers, there are a handful of possibilities.
The most prevalent theory is that iBlacklist Manager might be a hybrid app built using HTLM5 instead of being a completely native app. The difference between the two is that with HTML5, it's easy to remotely modify or remove functionality in an app after it's been approved by Apple without requiring a new review cycle.
If this is the case, then it's likely that iBlacklist Manager worked at one point, or appeared to have worked. At the very least, what a user saw on their phone matched the screenshots they provided to Apple.
Another possibility is human error. Just as notable apps have been rejected, it isn't unlikely that a shoddy one sneaks through the review process. In July 2012, Mike Lee, a former senior engineer at the tech giant, told Business Insider that the team charged with the review process is understaffed.
"People have this idea that there are 100 people in India doing app reviews," he said. "It's just people in a building at Apple, and like every other part of Apple, they can't get enough really good people. Apple will not compromise the quality of its teams to fill it in. I promise you it's a lot smaller than you imagine."
Janak Shah, a United Kingdom-based developer behind the app Ninja Jump, told us that there were different groups within Apple's app review team. Some of these, he mentioned, can be more lenient than others.
3) Buy fake positive reviews
Buying followers on popular social media platforms like Twitter and YouTube has become the new normal in recent years. The practice is so pervasive that even the U.S. State Department recently spent $630,000 to increase its Facebook reach and followers count from 100,000 to 2 million.
The iTunes App Store is no different. A cursory search showed that potential scammers could buy 50 positive reviews for as little as $54. The purpose of purchasing them is to inflate the average rating of an app—Apple uses a five-star system—and to counterbalance the inevitable wave of negative reviews from scammed users.
iBlacklist Manager appears to have taken this approach. Of its 96 reviews, 48 of them were five-star reviews, and 45 gave only one star, which brought its average rating to three stars.
The bulk of the positive ratings had a handful of things in common. For starters, they were all brief and laden with grammatical errors.
Not necessarily a telltale sign that they’re fake, but when paired with the fact that these are the only reviews that these individuals have given, well, that's when things get suspicious.
By contrast, users who've given iBlacklist Manager one-star reviews have also rated other apps, most likely because they're real people.
As previously noted, iBlacklist Manager has been in the top 10 paid apps for the productivity category and top 200 overall paid apps since it launched on June 29. The high ranking has resulted in thousands of downloads, which in turn, at $4.99 a pop, translates to a tidy profit, if the downloads were, in fact, legitimate.
We can't know for sure how much revenue iBlacklist Manager has raked in, but we can at least try to add some context. According to a recent study published by app market analytics firm Distimo, an app in the top 10 overall paid apps generates roughly $47,000 daily. A top 50 app makes around $12,000 daily.
Amazingly, this isn't the first time that iBlacklist Manager has made it to the iTunes App Store. In fact, AppAnnie.com shows the app—or a near identical version of it—has been on the Apple market place at least 18 times. All of these submitted apps share the word "iBlacklist" in the title and the product description. They do differ in terms of price (from $0.99 to $11.99).
The apps were also submitted by a slew of developers. The current iteration of iBlacklist Manager was created by Purple Rose, which did not respond to a request for comment. Other names include Ana Pirlea, Quang Nguyen, Nguyen Huu Son, Dinh Thi Thanh Thuy, and Nguyen Huu Manh.
"In my opinion, assuming the 18 iBlacklist apps are somehow connected, it seems that [the developer] always has an upload in the wings in case of or planning for the app being pulled," he told the Daily Dot via Skype. "My guess is that [he or she] pulls it before Apple can catch on."
So who's responsible for this scam? We still don't know, but we at least have our suspicions.
Of all the names associated with iBlacklist, the one that appeared the most is CXI Gaming. The company has successfully launched 128 other apps, all of them largely useless. We looked up the registry information for CXIGaming.com and learned that they were based out of Ottawa, Ontario. Although the address they provided was an obvious fake (888 CXI Way), the telephone number appeared to be real. We dialed the number in hopes of speaking with someone, but our calls went unanswered.
Just about every person we spoke to on the subject was amazed that someone had successfully pulled this effort off in the first place. That's an understandable sentiment given that this person has seemingly covering his or her tracks for at least a year. It's unlikely that a would-be hustler could pull of a potential scam like this one to such great success, but until Apple begins to police its app marketplace more closely, others will certainly try.
Photo via Gordon Mei/Flickr