Apple's Laxity Is Leading to Scammers and Risky Apps in the App Store

Tim Cook announced at the Apple Worldwide Developers Conference (WWDC) last week that the company has paid out a total of $70 billion to app developers since the App Store opened nearly a decade ago, and $21 billion over just the past year. Not only is that terrific news for developers, but it’s also good for Apple because the company collects 30 percent of the proceeds of app sales and in-app purchases.

Cook also told the developers that Apple has reduced the time it takes to approve each app for sale in their store to as little as 24 hours. From personal experience, it’s taken several weeks in the past, so that’s also good news for the developers. Apple has explained how they need to carefully test and evaluate the apps submitted to ensure they are safe to use and meet all their requirements.

On the other hand, perhaps Apple needs to take a little more time. Based on recent findings by developer Johnny Lin, as described in an article on Medium, Apple has failed to adequately screen apps that not only are dangerous, but are scams, resulting in huge monthly charges.

When Lin heard Cook describe the growth in app revenue at the WWDC, he decided to look at what apps were the top grossing on the store. In the Productivity category, he found the usual apps that we all know: Microsoft Office, Dropbox, Gmail, and Evernote. But at number 10 he spotted an app: “Mobile protection :Clean & Security VPN,” spelled exactly as shown here. He confirmed on Sensor Tower, a site that provides estimates of app revenue, that this app’s estimated revenue was $80,000/month.

As he dug deeper to learn more about this app, he found that it routed your web access through a VPN, a virtual private network. But that’s dangerous to do if you don’t know the provider of such a service, because your traffic passes through that provider, and this provider was an individual and not a company. Also, the description of the app said it “includes protecting you from ‘dupplicate’ contacts.” Misspellings and poor grammar are signs you should be very cautious, whether in fraudulent emails or apps. These observations were not a good sign that the app was trustworthy.

Lin next decided to download the app and try it out. He was required to give the app permission to access his contacts with no way to opt out. That’s not all that unusual, particularly for an app that was designed to scan your contacts to look for duplicates, but again, it’s something you don’t want to allow an untrustworthy app to do.

After scanning his contacts, it noted “no dupplicates were found,” with the same misspelling. It then asked if he wanted to start the free trial of the anti-virus feature by tapping “FREE TRIAL.” Up came a message to approve by scanning his fingerprint. Before he did that, however, he read the fine print, which included, in tiny letters, “You will pay $99.99 for a 7-day subscription.”

I checked the App Store a day after Lin wrote his article and this app was gone, but there were dozens of others that seemed equally creepy and questionable. They typically offer a number of features such as checking your WiFi and protecting your device against viruses. Why is Apple even offering virus software when viruses are so rare? Making it more confusing is that Apple now accepts advertising interspersed among the apps, and some of the ads look just like another app to download.

But what’s most disconcerting is how Apple could ever approve these apps for their store in the first place. It doesn’t take much effort to weed them out, particularly when Apple gets paid 30 percent of some of these onerous charges. This is an embarrassment to Apple that needs to be addressed quickly. And Apple needs to refund all charges its customers incurred from this app and others like it.