Investigating Some Subscription Scam iOS Apps (ivrodriguez.com)
Security engineer Ivan writes: For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It's called the freemium business model, except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you finally subscribe. By subscribing you get a number of "free days" (trial) and then they charge you weekly/monthly/yearly for very basic features like scanning QR Codes.
I've been trying to monitor apps that have these characteristics: 1. They have In-App purchases for their subscriptions. 2. They have bad reviews, especially with words like "scam" or "fraud". 3. Their "good" reviews are generic, potentially bot-generated. This weekend I focused on 5 apps from 2 different developers and to my surprise they are very similar, not only their UI/UX but also their code is shared and their patterns are absolutely the same. Aside from being classic subscription scam apps, I wanted to examine how they work internally and how they communicate with their servers and what type of information they are sending.
Summary incorrect. (Score:5, Insightful)
The segment
except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you finally subscribe.
should read:
except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you close the app and delete it because the developer is an asshat.
I mean seriously, who is hitting 'subscribe' and rewarding such fuckery?
Most Smartphone Apps Are Scams (Score:5, Insightful)
If you don't have an app for it on your PC, you shouldn't have an app for it on your phone.
Re: Most Smartphone Apps Are Scams (Score:2, Insightful)
This. People got fed up of trying to extract data via HTML since it's designed essentially for data presentation and simple interaction. Apps have all the power of the OS APIs at their disposal which means the potential for abuse is MUCH higher.
When told to download the app for a "better experience" you should remember that writing an app is HARDER, MORE EXPENSIVE, and FAR LESS PORTABLE than writing a web page. Companies generally don't do "harder" or "more expensive" unless there's a damn good reason.
Guess
Re: (Score:2)
It sure seems this way. I deliberately avoid many apps for what are 'web services' precisely because I do not want to be tracked even when I'm not using the app or service, because I do not want the service to steal more data from me, and to avoid being linked into a constellation of other apps and services as if I want any of this.
I delete these freemium apps immediately when they try to nag me. 'Free' doesn't mean something else just because the developer wants it to make money.
Re: (Score:3)
...If you don't have an app for it on your PC, you shouldn't have an app for it on your phone.
In the case of Android, widgets are kinda nice which I doubt you could do via a browser...
great article (Score:3)
I love this type of article, even though he didn't find anything suspicious, because he did contribute to the art by showing how weak some of these developers are that crap approaches they take. It all indicates that the developers are a "factory" of sorts churning out crap to get cash from unsuspecting users. It's an electronic equivalent of the cheap and nasty fake toys at the market that break as soon as you get them home.
Ad libraries but no ads (Score:2)
From the (fairly interesting) article:
I then saw all of these apps embed many ad libraries but what I found really weird is that they don't show any ads.
Well why bother showing ads when you can just fool the ad libraries into claiming that you've shown ads?
He didn't mention any traffic from them but presumably that would come later so as not to worry App Store reviewers...
I think there is one requirement Apple could put in place to help stop this kind of practice - require an obvious way to close a payment d
Re: (Score:2)
making assertions about what "every website"
We are talking about apps.
Think, then post. I find that order works much better.
Money laundering (Score:3)
As for why Apple allows it, hey, free money.
apple business model (Score:2, Interesting)
For example, iTunes hes back on after upograde. ms kind of sucked for a while, but now it does not even pretend to be a music player o the music library. The primary purpose seems to be to get subscribers for the Apple Music service, and while you can dig and turn off the annoying hourly notice, I swear it sometimes comes back on after upgra
"I wanted to examine how they work" (Score:2)
Isn't this what Apple should be doing to vet these apps before they are hosted in their store?