
05 Dec 2018

Two iOS apps tricked users into paying money: See how


The problem of dodgy apps, which has been common on Android, appears to be extending to Apple's App Store.

Just recently, several Reddit users flagged two iOS apps for tricking them into paying money.

The apps, which have now been removed, looked like any other legit fitness application but duped them into authenticating transactions via Touch ID.

Here's more on the scam.


Apps' details

How these apps fooled users

The apps, named 'Fitness Balance' and 'Calorie Tracker', looked like regular fitness apps promising features like BMI and calorie tracking.

However, as soon as they were opened, users were asked to scan their fingerprint in order to access the content.

At first, this seemed like an additional security step, but the apps were actually initiating transactions of $100-150 by misusing Apple's Touch ID.


On placing the finger, the transaction is authenticated

Touch ID enables one-touch payment, which is exactly what the developer behind these apps wanted to leverage.

If the user complied with the finger-placement request, the apps generated a self-disappearing pop-up of payment details.

The pop-up revealed the scam, but if the user already had a finger on the scanner and a credit/debit card linked to their Apple account, the transaction would be processed immediately.


Multiple people posted videos on Reddit

Several users reported this scam, with many even posting videos of how the dodgy apps tried stealing money. Notably, both the apps demonstrated pretty similar behavior - a fact that suggests both apps came from the same developer.


Worrying sign

Plus, they both had positive reviews

The apps have been removed from the App Store, but the worrying part is that they both had positive reviews and high ratings there.

This highlights a common technique used by scammers to make their apps look legit and good enough to download, ESET security researcher Lukas Stefanko said in a statement after analyzing the two apps.

Preventive steps

How to avoid such apps?

The best way to avoid dodgy apps is to look for apps from reputed developers and with thousands of reviews, Stefanko says.

Also, don't forget to look at the negative reviews of the app, because those are mostly not fake.

You can even go for an added layer of security by installing a decent antivirus app on your iOS or Android device.
