If you want to lose weight, but keep money in the bank, avoid these apps that secretly charge users with a fingerprint scan!
Exercise Your Wallet?
Two apps on iOS systems were posing as fitness-tracking tools, but in reality, these apps were stealing money from their users. Fitness Balance App and Calories Tracker App were apps that looked normal and served basic fitness functions like calculating BMI, tracking calories, and reminding users to stay hydrated. Both apps had high ratings and good reviews on the iOS store, but they were robbing their users blind.
Apple’s Touch ID
Fitness Balance App and Calories Tracker App used Apple’s Touch ID feature to loot money from iOS users who downloaded these apps. The apps request a fingerprint scan to view additional information such as diet recommendations and a personalized calorie tracker. Each time the user uses Touch ID, the app shows a pop-up confirming a payment of $119.99. This pop-up is visible for a second, and users barely have a chance to see what flashed on their screens.
“However, if the user has a credit or debit card directly connected to their Apple account, the transaction is considered verified and money is wired to the operator behind these scams,” said Lukas Stefanko, a malware analyst with ESET security.
This pop-up is persistent: “If users refuse to scan their finger in ‘Fitness Balance app,’ another pop-up is displayed, prompting them to tap a ‘Continue’ button to be able to use the app. If they comply, the app tries to repeat the dodgy payment procedure,” said Stefanko.
Fake Apps with Fake Reviews
Everyone has a smartphone with apps downloaded. Usually, you check the reviews and ratings of an app before installing it on your device. Fitness Balance App and Calories Tracker App were disguised as legitimate apps in the iOS store with their tricky 5-star ratings and positive reviews.
“Posting fake reviews is a well-known technique used by scammers to improve the reputation of their apps,” he said.
Victims of these app schemes requested refunds from the app creators. They received generic responses promising to fix the issues in the upcoming version 1.1. Stefanko said that both apps have been removed by Apple. The same developer is likely behind both of them, he said.
However, Stefanko speculated that more apps using a similar scam could pop up in the future: “I think there could be more apps, because of its simple implementation of the scam trick.”
iOS Apple Store
Although Apple is known for its strict policies when it comes to verifying apps in the iOS store, the company has faced app privacy and security violation issues in the past.
Earlier in September, for instance, Apple removed a top-rated app, called Adware Doctor, from its official Mac App Store after researchers publicly exposed that the app violated Apple’s sandboxing security policies. The company also took action against a number of different macOS apps that collected browser history data.
There isn’t any easy way to check for malicious apps, especially because Apple doesn’t allow antivirus tools for their store, Stefanko said. However, users for their part can take extra precautions by reading reviews by other users, he continued to say.
“As Apple doesn’t allow security products in its App Store, users need to rely on the security measures implemented by Apple,” according to Stefanko.