It’s time for Apple to take action.

Editor’s note: This article is from the WeChat public account “CSDN” (ID: CSDNnews), author: Zheng Liyuan.

Apple users know that there is only one way to download software onto their devices: the App Store, Apple’s official application store. Apple, which has always treated “security” as its trump card, naturally scrutinizes the applications it lists.

But now Apple fans should take note: some polished-looking scam apps have made it into the App Store and have scammed users out of millions of dollars!

Fake 5-star reviews

App developer Kosta Eleftheriou recently exposed a fraudulent app called “Privacy Assistant: StringVPN” on Twitter. The app claims to provide a “full-featured” and “safe” VPN experience, but this is not the case.

According to Eleftheriou’s disclosure, a large number of this app’s 5-star reviews were written by the developers themselves, or even generated by machine.

5 star rating 1: “They are very fast and professional. I hope to use it safely for many years. Thank you for making my phone and personal business safe.”

5 star rating 2: “This app makes it easier for me to access everything on my phone from anywhere. You can protect your security and privacy. This is an amazing technology. I like this very much.”

5 star rating 3: “I can’t believe how great this is, it’s better than other protection apps. The best thing is that String VPN doesn’t slow down like other similar apps. It’s easy and simple. This will make you have a great time and it’s 100% free!”

The large number of fake positive reviews gave this app a rating of 3.5 points, which got it past Apple’s App Store algorithm. As a result, it appears more often in search results, making it easier for other users to find and download the application.

Sure enough, many users were successfully deceived. Among the many fake positive reviews, the out-of-place low-star comments can be seen to come from real “victims.”

1 star comment 1: “Don’t download, this seems like a scam… It is said that this is recommended by Apple, but need a free trial? Wrong. All other comments seem to have been translated. Don’t download!”

1 star review 2: “They don’t show different weekly or monthly payment methods. Each year is the only option. I’m reporting to Apple for a refund. When I do a Google search on this app, I can’t contact them directly without any comments… it looks like a ‘strongVPN’ app with a lot of good reviews.”

1 star review 3: “The app recommended by the pop-up window charged a fee. I could not find a way to contact and request a refund. I had to report the matter to Apple. Then I was told that the money would be refunded, but I was still waiting for the refund, so I report to them over and over again!”

As can be seen from the comments, many victims were prompted to download the app by a pop-up window they received in Safari. In addition, this app looks a lot like the reliable “strongVPN” app, so even though it offers no weekly or monthly subscription, only an annual subscription at $89.99, many users who do not look closely are still defrauded of an expensive “subscription fee”.

In addition, the app’s website is a blank site registered in India, and its contact email, stringvpn.space@gmail.ru, is a fake address at a fake domain name provider.

Does Apple only care about its cut?

Eleftheriou finds all of this unbelievable. He cannot figure out what Apple is doing about it: “I don’t know which is worse: the ‘translated’ false comments, the ‘Apple recommendation’ pop-up in Safari, the http://gmail.ru contact email, the blank website registered in India, the $9.99/week subscription, or the monthly revenue of $1 million. What is Apple doing?”

He added that this app even ranks third in the U.S. utility category.

This ranking prompted Eleftheriou to remark sarcastically: “Apple: We reviewed this VPN scam carefully, and we think you will like it!”

Eleftheriou’s blunt complaint has also sparked discussion among many netizens on Twitter.

Netizen @iPhotoTheWorld: What is Apple doing? It only takes care of drawing a certain percentage from the monthly good deeds.

Netizen @FOSSpatents: Thank you for raising public awareness of these issues. I must say that I never thought that these things would happen under Apple’s management.

Netizen @DonaldFLawton: These scam apps have been rampant for several years, and Apple must be aware of this problem. But how can Apple wake up and take action?

Scams on the App Store are not uncommon

As @DonaldFLawton said, fraudulent applications of this kind have been common on the App Store in recent years.

  • Scam apps impersonating Trezor

Recently, a fraudulent app posed as Trezor’s cryptocurrency access software and defrauded many users. Two victims were even defrauded of 17.1 bitcoins and 14,000 U.S. dollars in ether.

One of the victims, Christodoulou, said that because the app’s rating was close to five stars, he mistakenly thought that Trezor had really launched a mobile version, and that this belief led to the theft of his Bitcoin.

Apple’s response to this is that it will not be liable for losses caused by the fake Trezor app. Apple explained that the fake Trezor application entered the App Store through “bait and switch”, using a logo and colors that were very similar to the real Trezor. During review, the app claimed to be an encryption app for iPhone files and storage that did not involve any virtual currency. After being submitted, it turned itself into a crypto wallet, so, according to Apple, this could not be prevented.

  • Apps that fake FlickType

Prior to this, Eleftheriou, who exposed this fraudulent application, had himself been “harmed” by Apple.

Eleftheriou developed FlickType, a keyboard input application for Apple Watch, but the App Store contains many applications that look very similar to FlickType and do not provide the corresponding functions. One of the most egregious is an application called KeyWatch. According to data from the app analytics company Appfigures, this copycat app can earn up to 2 million US dollars in fraudulent income through the App Store every year.

Fortunately, Eleftheriou’s tweets have attracted public attention. At present, Apple has removed KeyWatch and other similar fraudulent applications from the App Store.

  • The “free trial” scam

In 2020, British research institute Sophos reported that it had found 32 rule-violating iOS apps in the App Store. These apps use a “free trial” to attract users. Once the “trial” period ends, the charge is as high as 30 USD/month or 9 USD/week.

At that time, more than 3.5 million users around the world had installed such apps. Once a user clicked on the “free trial”, these fraudulent apps were granted the right to debit the user’s account automatically, and it was not easy to cancel the trial.

Apple has always been seen as very “safe” by the public, yet such incidents have occurred frequently in recent years. Even if, as Apple said, they are not easy to prevent, the fact that users are deceived so often raises the question: will Apple really not take some action?

Reference link:

https://www.macrumors.com/2021/04/07/developer-highlights-scam-apps-iap/