We all know about the scams and dangers often lurking in the Google Play Store. Now it turns out that the Apple App Store is not that different. According to a new analysis conducted by the Washington Post, fraud is widespread across the Apple App Store. The analysis also offers a “glimpse into the revenue flowing into Cupertino generated by those malicious activities.”
Apple’s monopoly on application access: a risky behavior
According to Apple’s CEO Tim Cook, Apple’s monopoly on application access is needed to maintain safety and effectiveness. However, the Washington Post’s analysis suggests that nearly 2 percent of the top 1000 grossing apps are scams. Apple customers have paid $48 million for access to these apps, and the company gets a 30 percent cut of every transaction.
“But among the 1.8 million apps on the App Store, scams are hiding in plain sight. Customers for several VPN apps, which allegedly protect users’ data, complained in Apple App Store reviews that the apps told users their devices have been infected by a virus to dupe them into downloading and paying for software they don’t need. A QR code reader app that remains on the store tricks customers into paying $4.99 a week for a service that is now included in the camera app of the iPhone. Some apps fraudulently present themselves as being from major brands such as Amazon and Samsung,” the article reveals.
It is noteworthy that the scale of this problem has never been reported before. Quite common in the Apple App Store are the so-called fleeceware apps that use fake customer reviews to move up in store rankings.
The nature of fleeceware apps
The fleeceware term was coined last year by Sophos researchers. It refers to apps that leverage legal loopholes in the app trial mechanism in Android. Apparently, fleeceware apps are now targeting iOS devices as well. More specifically, “fleeceware” refers to an entirely new category of applications that are neither unwanted nor malicious. However, these apps are designed to overcharge users in a very clever way, and thus, they shouldn’t be kept on devices.
Both the Google Play Store and the Apple App Store allow app developers to set up trial periods for commercial, paid and subscription apps. To start a trial, the user signs up for the app and gives it permission to charge the user’s app store account. Once the trial period is over, the user is charged automatically and can continue using the app.
This is where fleeceware comes into play. These apps exploit a loophole: app makers can still charge users even after the app has been uninstalled from the device.
Apple continuously facing scrutiny for the way it maintains Apple App Store
“The most valuable company in U.S. history, Apple is facing unprecedented scrutiny for how it wields its power and is fighting to hold onto it, including in a blockbuster trial that concluded last month,” the Washington Post says. Furthermore, Apple’s store faces no competition and is the only way for iPhone owners to download applications to their devices without bypassing Apple’s restrictions. This way, the company “keeps a tight grip on software distribution and payments on iOS.” Apple’s outstanding monopoly may be an issue, as it creates the illusion of an environment that is completely safe, experts warn.
Furthermore, as Apple doesn’t face any major competition, there’s little incentive for Apple to spend money on improving the app store. Here’s an opinion on the matter, from Stan Miles, an economics professor at Thompson Rivers University in British Columbia, Canada:
If consumers were to have access to alternative app stores or other methods of distributing software, Apple would be a lot more likely to take this problem more seriously.
To illustrate the potential risk of the environment in Apple App Store, the Post also shared a story from Simon Willison, a software engineer and a former iOS developer, who recently was tricked by an app that wasn’t what it presented itself as:
Willison owns a Samsung television and went to the App Store on his phone to install the accompanying Samsung remote control app called “SmartThings.” An app called “Smart Things” popped up, claiming to be a remote for Samsung televisions. Willison paid $19 for the app. “I thought wow, Samsung has gone downhill. They’re nickel and diming me for my remote control?”
It turns out the app was pretending to be the genuine Samsung product. His mistake, he says, was an “assumption that the App Store review process was good,” he said. “I held Apple in higher regard than I did Samsung.”
Of course, Apple says it is constantly improving its methods for detecting scams and claims that it catches scams within a month. The company recently said that it employed new tools for the verification of user reviews, adding that last year it removed 470,000 app developer accounts from its App Store. Despite Apple’s efforts, these developers can still create new accounts and continue to distribute applications.