Apple’s famously scrupulous security credentials have been called into question after dodgy apps which scammed users out of money were found on the App Store.
Fitness Balance and Calorie Tracker were initially called out on Reddit, where users identified an underhand way the apps would trick users into authenticating in-app purchases. The fitness trackers would then take $99, $119.99 or €139.99.
The scam worked by first asking users to log into the app using their fingerprint scanner. Doing this, the app claimed, would allow users to view their “personalised calorie tracker and diet recommendations”. However, when the users’ fingers were still on the scanner, a prompt would pop up on screen asking to validate an in-app purchase. As the user already had their finger on the scanner, this authenticated the Touch ID payment – before even a user had a chance to think.
Though Apple has since removed Fitness Balance and Calorie Tracker from the App Store, questions remain about how they made it on there in the first place. Apple puts great stock in its security capabilities, with this even being the central tenet of many ad campaigns – even recently, where videos shared on social media made the claim that hackers would have a much easier ride when targeting non-Apple devices.
The removal of these apps hasn’t allayed the fears of many security experts, though. Instead, it’s been suggested that, if these two apps made it through the net, there’s every chance there could be others out there using the same underhand techniques to scam money out of unsuspecting users.
One simple defence against such scams given by cyber security blogger Graham Cluley is for users to not have a credit or debit card tethered to their Apple accounts. However, even Cluley noted how this was impractical in the real world, as many users would find it “more of a nuisance than it’s worth”.
Affected users of this scam – and any others who feel they have been tricked by a download from the App Store – can apply for a refund direct through Apple.