The whole point of Apple erecting safeguards around the App Store was to provide consumers with some piece of mind. Because every app in the App Store has to be approved by Apple, curious consumers can download and try out any number of apps without having to worry about malware, adware, or any other type of issue that Apple likes to claim plagues the Google Play Store. Alas, Apple’s beloved App Store is itself home to a selection of scamware apps that essentially provide zero utility and are expressly designed to con unsuspecting users out of their hard-earned money.
In a fascinating and must-read piece that originally appeared on Medium, Johnny Lin details how a number of ostensibly security-oriented apps are generating upwards of $80,000 a month by basically tricking consumers into signing up for security-based app subscriptions that they most certainly do not need. Lin’s piece specifically hones in on an app called Mobile protection :Clean & Security VPN. Yes, that’s the app’s real name and how the punctuation actually appears in the App Store.
After downloading the app and exploring a bit, Lin noticed that there were red flags at every turn. Almost immediately, the app informs him that his device is “at risk.” Not too long after, he’s presented with an opportunity to run an anti-virus scan free of charge for 7 days. Of course, the rub is that the next prompt includes a Touch ID authentication window which relays that once the 7-day trial period expires, a recurring 7-day subscription to the tune of $99.99 will commence.
The notion that something like this appears in the App Store — which Apple is supposed to keep close tabs on — is noting short of infuriating and inexcusable.
And this app in question, believe it or not, generates tens of thousands of dollars each and every single month.
Part of the problem, Lin writes, is that many apps which claim to be security apps are gaining users via Apple’s own ad system.
Turns out, scammers are abusing Apple’s relatively new and immature App Store Search Ads product. They’re taking advantage of the fact that there’s no filtering or approval process for ads, and that ads look almost indistinguishable from real results, and some ads take up the entire search result’s first page.
Later, I dug deeper to find that unfortunately, these aren’t isolated incidents — they’re fairly common in the app store’s top grossing lists. And this isn’t just happening with security related keywords. It seems like scammers are bidding on many other keywords.
For instance, Lin notes that a search for Wi-Fi yields an app that promises to generate random passwords for you for the low low price of just $50/month.
Again, this is nothing short of outrageous. Apple needs to get a handle on this problem as fast as it can. For a company that prizes the user experience as much as Apple does, it’s disappointing that the supposed walled garden that is the App Store is helping scammers bilk iOS users out of insane amounts of money. Lin’s full in-depth write-up on the issue is incredibly well done and can be checked out in its entirety over here.
As a final point, John Gruber over at Daring Fireball makes a good point, noting: “There should be no “virus and malware” scanners in the App Store. None. iOS does not need anti-virus software. The App Store sandboxing rules mean that anti-virus software couldn’t really do anything useful anyway.”