A few scammy iOS applications have been taking advantage of Apple's Touch ID platform, according to the WeLiveSecurity blog. The two apps – called "Fitness Balance" and "Calories Tracker" – were spotted by various Reddit users over the last week, and both employ similar tactics. 10 days, to "create personalized diet and other stuff." While a user's finger is placed on the pad, the app pops up an in-app purchase request for sums of money like $99.99. Since the user's finger is already on the Touch ID pad, the request can be approved almost immediately.
This hack works because Touch ID is such a seamless process. The speed at which Touch ID works means that by the time it has finished, the phone starts scanning the finger that's already on the pad.
There are legitimate technologies that can provide fitness information like this, such as the Apple Watch Series 4's upcoming ECG feature, which has users place their finger on a button. And while those features have nothing to do with fingerprint scanning, it's easy to see how many people made the mistake of thinking that an iPhone could do something similar.
Based on the same UI, it seems likely that both apps were created by the same developer. Fortunately, the App Store is hopeful, and hopefully Apple will keep a closer eye on this kind of UI hacking in the future.