It’s always good to be reminded that there are no digital spaces that are completely impervious to bad actors and people who want to cause mischief, a reality that extends even to Apple’s iOS App Store that of course boasts robust protections and safeguards to keep out bad apps. That’s even though a few still slip through now and then, such as a heart rate app noticed by 9to5Mac that lies to fool you into spending money.

After downloading the app in question, called Heart Rate Measurement on the App Store, 9to5Mac reports that it works by claiming to read your heart rate through your fingertip using the iPhone’s Touch ID feature. What the app is really trying to do, though, is get you to authorize a transaction for $89.99 using Touch ID by “dramatically dimming the screen” to such a degree that you hopefully won’t notice the charge.

Of course, all you have to do is pay attention to the dialog box that pops up, even with the dimmed screen, to keep from being scammed. We haven’t tried this (the app has since been removed), but the folks over at 9to5Mac say the screen brightness does drop to its absolute lowest point before the dialog box appears.

The misleading nature of this app violates Apple’s App Store policy on a number of levels. Another point that’s just as important is the question of when the code that makes this scam possible appeared in the app. Apple, of course, has an app review process on the front end that covers in-app purchases, but it apparently doesn’t when you change the amount — like when you go from 99 cents all of a sudden to $89.99. That’s according to 9to5Mac, which also adds this particular app may have flown under the radar as it appears geared toward Portuguese customers.

This all raises the question of whether Apple may need to add some kind of after-the-fact review process for apps that also encompasses in-app purchase changes, which of course would add another potentially cumbersome layer to the app review process that developers might not like. Some kind of reporting mechanism might also be useful, so that users could flag Apple whenever they come across an app like this.

9to5Mac’s piece goes on to note this is hardly the first App Store app to use fingerprint authentication to trick users into spending money. It’s safe to bet it probably won’t be the last either. Overall, Apple does a great job keeping out applications like this, even if some slight tweaks to its process might be in order.

Comments