How this Touch ID scam can cost iPhone users hundreds of dollars
Kārlis Dambrāns/Flickr (CC-BY)
This iPhone Touch ID scam is one to watch for.
We trust Apple to protect us against scammers and malware in exchange for the hefty cut it takes from every dollar we spend in the iOS App Store. And to be fair, the company does a fairly decent job of keeping malicious apps out of its mobile app market. The App Store’s rigorous vetting process makes sure every app that finds its way onto its digital shelves adheres to security rules and doesn’t contain malicious code.
However, occasionally, scammers and hackers find ways to slip through the App Store’s safeguards. This month, redditors exposed two fitness apps on the App Store that used clever tactics to defraud users out of their money.
What made the scam especially significant is that avoiding it requires awareness and quick reflexes by the user. The apps also made use of the normal functionality of iOS apps and didn’t contain any malicious code, which makes it harder for the App Store security team to detect it.
How the Touch ID scam works
“Fitness Balance” and “Calories Tracker” introduce themselves as two apps that provide health assistance and diet recommendation. When you launch the apps for the first time, they require you to pass a fingerprint scan to create a health profile for you. This sounds like a fair way to protect sensitive health information.
But as you’re going through the scanning process, the app suddenly pops up a payment approval request. Since your finger is already on the fingerprint scanner, iOS will automatically approve the payment and the popup will disappear in mere seconds.
If you manage to retract your finger and skip the payment, the app will show another popup and insist that you need to go through the fingerprint scanning process again so that it can charge you. In the screenshots shared, users were getting hit with fees over $100.
What’s interesting is that the scammy apps are using functionality that is perfectly legal, which is to get the user’s confirmation for the payment. However, they’re using it in a deceitful manner, which is a violation of the App Store’s Terms of Service.
What’s even more notable is that when users contacted the developer and communicated the issue, the developer replied with an automated response, claiming they’re “working hard to fix it.”
How to protect yourself
First things first, Apple has already removed both apps after users reported them. Also, if you’ve been scammed by either of the apps, you’re eligible for a refund, since the apps violated Apple’s rule of not tricking users into spending money.
However, there’s no guarantee that a similar—or worse—scam doesn’t find its way into the App Store. Here are several tips that can help you identify and avoid such scams.
- Prefer trusted developers: When downloading apps that provide extremely common functionalities, such as fitness and calorie tracking, try to choose a reliable developer. Reputable apps should have thousands of downloads and hundreds of reviews. Their developers should also have a verifiable online presence (website, social media accounts, LinkedIn, etc.).
- User reviews are important: Reviews can tell much about the app you’re about to install. Both of these apps had few reviews, and all of them were positive, which is suspicious. As ESET’s Lukas Stefanko explains, positive feedback is easily faked, while negative reviews are more likely to reveal the true nature of the app.
- iPhone X users are protected: Since the scam is designed to work with fingerprint scanners, it won’t work on the iPhone X, because it has ditched Touch ID for Face ID, Apple’s facial recognition technology. Payment and app install approvals on iPhone X require a double click of the power button and a face scan.
Ben Dickson is a software engineer and founder of TechTalks. His work has been published by TechCrunch, VentureBeat, the Next Web, PC Magazine, Huffington Post, and Motherboard, among others.