Cracks Begin to Show in the Security of Apple’s App Store
Apple’s ecosystem is sometimes called a ‘walled garden’ because of how tightly Apple controls every aspect of it. That includes a great team of reviewers who look over every single submission and update for the more than 2 million apps in its App Store.
That review process can be frustrating, and in the past hackers have tried to trick developers in order to get malicious code past the reviewers. Now it appears that the review process itself is not infallible after all: two malicious apps that steal money through in-app purchases have made it into the App Store.
Here’s what is going on
One app that 9to5Mac put the spotlight on uses the iPhone fingerprint scanner to trick its users into making purchases they didn’t intend to. The app tells users that it can read their heart rate through their fingerprint.
That is impossible for the hardware on the iPhone to do; it was all a ploy to get the user to hold a finger on the TouchID scanner, which would then approve the in-app purchase the scammer wanted. This could be up to $120 at a time from your credit card.
A similar app called “Fitness Balance” was also shared on Reddit over the weekend. It too was tricking its users into putting their fingerprint on the TouchID sensor to scam them out of their money with fraudulent in-app purchases.
.@AppleSupport this app called Fitness Balance is trying to scam people out of $100+ dollars by tricking them into purchasing their in-app purchases. It is unacceptable this app managed to get on your App Store. pic.twitter.com/I68vwQoG86
— Jacques Fourie (@Jac4e) November 29, 2018
The apps which were discussed on Reddit and by 9to5Mac have since been removed from the App Store.
Apple and the App Store
As revenue from the App Store becomes more central to Apple’s business strategy, scams are only going to increase in deviousness and frequency. The Cupertino-based company has recently refocused its investors’ attention on its online services and has said that it will stop publicly revealing iPhone sales figures.
Some apps are falling through the cracks in the human review process. But still, two apps that we know of out of millions isn’t that bad. Google’s Play Store also had a recent overflow of malware with over 500,000 users affected.