Despite Apple's rigorous review process for software distributed through the App Store, attackers can still use loopholes in the system to cheat customers.
The latest example is a pretty clever and deceitful trick: an app that claims to be able to read your heart rate from your fingertip using Touch ID. In fact, the app (currently on the App Store) uses your fingerprint to authorize a transaction for $89.99, while dramatically dimming the screen to fool you. Newer devices use Face ID (iPhone X and later and iPad Pro 2018), but iOS devices with Touch ID are probably still the majority of devices in use today.
Using a third-party app from the App Store to read your heart rate on the iPhone or iPad is not uncommon either. Apps like Instant Heart Rate: HR Monitor have long used the camera and flash to try to measure heart rate through the finger.
The fraud in the 'Heart Rate Measurement' app currently in the App Store relies on the user not reading the dialog box that appears when trying to measure heart rate. Screen brightness drops to its lowest level, and the black-and-white in-app purchase UI is almost unreadable compared to the bright red fingerprint icon that appears on screen on Touch ID devices.
(Devices with Touch ID or Face ID disabled are less prone to the trick.)
While the app clearly violates App Store policy by misleading customers about its function and charging them a ridiculous in-app purchase, the trick it uses may have been added after the app review process.
Apple requires approval for in-app purchases during app review, but not for modifying the amount (for example, from $99 to $89.99). The malicious app may also fly under the radar because it mainly targets Portuguese-speaking customers, although it also supports English.
Apple can rely on user reports and press coverage to find scams like this app. An approval review for changes such as in-app purchase adjustments may also be required. This is unfortunate for developers, as it means another step between making business changes and reaching customers.
Apple could also add a "Report suspicious apps" action button to the App Store page to make it easier to report malicious apps.
We expect the app in question to be removed, but it's certainly not the first App Store app to use fingerprint authentication to trick users into handing over money. Another app from another developer account, possibly from the same developer, seems to use the same trick.