U.S. Markets closed
  • Gold

    1,768.40
    -9.80 (-0.55%)
     
  • Silver

    23.03
    +0.46 (+2.05%)
     
  • EUR/USD

    1.1696
    -0.0034 (-0.2924%)
     
  • 10-Yr Bond

    1.3360
    +0.0120 (+0.91%)
     
  • Vix

    20.87
    -3.49 (-14.33%)
     
  • GBP/USD

    1.3619
    -0.0045 (-0.3282%)
     
  • USD/JPY

    109.7800
    +0.5600 (+0.5127%)
     
  • BTC-USD

    43,130.84
    +419.53 (+0.98%)
     
  • CMC Crypto 200

    1,089.55
    +49.07 (+4.72%)
     
  • FTSE 100

    7,083.37
    +102.39 (+1.47%)
     
  • Nikkei 225

    29,639.40
    -200.31 (-0.67%)
     

New scammy iOS app shows Apple may need to tweak its App Store review process

It’s always good to be reminded that there are no digital spaces that are completely impervious to bad actors and people who want to cause mischief, a reality that extends even to Apple’s iOS App Store that of course boasts robust protections and safeguards to keep out bad apps. That’s even though a few still slip through now and then, such as a heart rate app noticed by 9to5Mac that lies to fool you into spending money.

Top Cyber Week Deals: Today’s best deals: Bose headphones, $20 128GB SanDisk microSD, $6 smart plugs, Philips Hue, moreThe hot new Arc-1 headphones that go toe to toe with Bose are discounted for the first timeThe $90 Philip Hue LightStrip Plus is awesome, but get this $30 alternative instead

After downloading the app in question, called Heart Rate Measurement on the App Store, 9to5Mac reports that it works by claiming to read your heart rate through your fingertip using the iPhone’s Touch ID feature. What the app is really trying to do, though, is get you to authorize a transaction for $89.99 using Touch ID by “dramatically dimming the screen” to such a degree that you hopefully won’t notice the charge.

Of course, all you have to do is pay attention to the dialog box that pops up, even with the dimmed screen, to keep from being scammed. We haven’t tried this (the app has since been removed), but the folks over at 9to5Mac say the screen brightness does drop to its absolute lowest point before the dialog box appears.

The misleading nature of this app violates Apple’s App Store policy on a number of levels. Another point that’s just as important is the question of when the code that makes this scam possible appeared in the app. Apple, of course, has an app review process on the front end that covers in-app purchases, but it apparently doesn’t when you change the amount — like when you go from 99 cents all of a sudden to $89.99. That’s according to 9to5Mac, which also adds this particular app may have flown under the radar as it appears geared toward Portuguese customers.

This all raises the question of whether Apple may need to add some kind of after-the-fact review process for apps that also encompasses in-app purchase changes, which of course would add another potentially cumbersome layer to the app review process that developers might not like. Some kind of reporting mechanism might also be useful, so that users could flag Apple whenever they come across an app like this.

9to5Mac’s piece goes on to note this is hardly the first App Store app to use fingerprint authentication to trick users into spending money. It’s safe to bet it probably won’t be the last either. Overall, Apple does a great job keeping out applications like this, even if some slight tweaks to its process might be in order.

BGR Top Deals:

  1. Today’s best deals: Bose headphones, $20 128GB SanDisk microSD, $6 smart plugs, Philips Hue, more

  2. The hot new Arc-1 headphones that go toe to toe with Bose are discounted for the first time

Trending Right Now:

  1. Yup, Samsung is finally ready to copy the iPhone design decision it’s been mocking since 2016

  2. Leak reveals how insanely thin the bezels are on Samsung’s all-screen Galaxy S10

  3. Best Buy kicks off 20 days of doorbuster deals on tech and gadgets this weekend

See the original version of this article on BGR.com