
Investigating Some Subscription Scam iOS Apps (ivrodriguez.com) 50

Security engineer Ivan writes: For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It's called the freemium business model, except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you finally subscribe. By subscribing you get a number of "free days" (trial) and then they charge you weekly/monthly/yearly for very basic features like scanning QR Codes.

I've been trying to monitor apps that have these characteristics: 1. They have In-App purchases for their subscriptions. 2. They have bad reviews, especially with words like "scam" or "fraud". 3. Their "good" reviews are generic, potentially bot-generated. This weekend I focused on 5 apps from 2 different developers and to my surprise they are very similar, not only their UI/UX but also their code is shared and their patterns are absolutely the same. Aside from being classic subscription scam apps, I wanted to examine how they work internally and how they communicate with their servers and what type of information they are sending.

  • Summary incorrect. (Score:5, Insightful)

    by MachineShedFred ( 621896 ) on Thursday July 11, 2019 @04:41PM (#58910294) Journal

    The segment

    except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you finally subscribe.

    should read:

    except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you close the app and delete it because the developer is an asshat.

    I mean seriously, who is hitting 'subscribe' and rewarding such fuckery?

  • by Thelasko ( 1196535 ) on Thursday July 11, 2019 @04:41PM (#58910298) Journal
    The main purpose of most smartphone apps is to bypass the security features of the browser. Facebook and Twitter purposely cripple their mobile websites to force you to install the apps. Then they steal your data.

    If you don't have an app for it on your PC, you shouldn't have an app for it on your phone.
    • by Anonymous Coward

      This. People got fed up of trying to extract data via HTML since it's designed essentially for data presentation and simple interaction. Apps have all the power of the OS APIs at their disposal which means the potential for abuse is MUCH higher.

      When told to download the app for a "better experience" you should remember that writing an app is HARDER, MORE EXPENSIVE, and FAR LESS PORTABLE than writing a web page. Companies generally don't do "harder" or "more expensive" unless there's a damn good reason.

      Guess

    • It sure seems this way. I deliberately avoid many apps for what are 'web services' precisely because I do not want to be tracked even when I'm not using the app or service, because I do not want the service to steal more data from me, and to avoid being linked into a constellation of other apps and services as if I want any of this.

      I delete these freemium apps immediately when they try to nag me. 'Free' doesn't mean something else just because the developer wants it to make money.

    • ...If you don't have an app for it on your PC, you shouldn't have an app for it on your phone.

      In the case of Android, widgets are kinda nice which I doubt you could do via a browser...

  • by cliffjumper222 ( 229876 ) on Thursday July 11, 2019 @04:41PM (#58910300)

    I love this type of article, even though he didn't find anything suspicious, because he did contribute to the art by showing how weak some of these developers are and the crap approaches they take. It all indicates that the developers are a "factory" of sorts churning out crap to get cash from unsuspecting users. It's an electronic equivalent of the cheap and nasty fake toys at the market that break as soon as you get them home.

  • From the (fairly interesting) article:

    I then saw all of these apps embed many ad libraries but what I found really weird is that they don't show any ads.

    Well, why bother showing ads when you can just fool the ad libraries into claiming that you've shown ads?

    He didn't mention any traffic from them but presumably that would come later so as not to worry App Store reviewers...

    I think there is one requirement Apple could put in place to help stop this kind of practice - require an obvious way to close a payment d

  • by rsilvergun ( 571051 ) on Thursday July 11, 2019 @04:53PM (#58910372)
    That's all this is. It's just money laundering. $10/mo for a QR code reader app, throw out a few hundred of these apps with a few hundred "users" each and before you know it you're clearing $100k/mo in clean money for only 30%.

    As for why Apple allows it, hey, free money.
  • apple business model (Score:2, Interesting)

    by fermion ( 181285 )
    Over the past decade or so, Apple has been a little too aggressive in subscriptions, really killing the user experience. This has escalated in the past few years.

    For example, iTunes hes back on after upograde. ms kind of sucked for a while, but now it does not even pretend to be a music player o the music library. The primary purpose seems to be to get subscribers for the Apple Music service, and while you can dig and turn off the annoying hourly notice, I swear it sometimes comes back on after upgra

  • Isn't this what Apple should be doing to vet these apps before they are hosted in their store?
