On the surface, things could not be better for Apple right now, but underneath, storms are brewing. Apple’s App Store is at the heart of an international trial and following shock revelation after revelation after revelation after revelation about a factory of scams “measured in billions”, a new warning has been issued for iPhone and iPad owners.
Following widespread attention for his series of exposés of high profile App Store fleeceware, casinos hidden inside kids games and a ‘factory’ of iOS VPN scam apps, developer Kosta Eleftheriou has revealed another astonishing scam which asks serious questions of how Apple keeps users safe.
Eleftheriou shines a light on the seemingly innocuous ‘QR Code Reader & QR Scanner’. The app has existed unchallenged on the App Store for more than three years. It carries an average user score of 4.5 stars from over 15,000 ratings and has been downloaded more than 7.5M times. And yet every aspect of it exposes the dangerous flaws in App Store security.
First, the top spot review. Written by ‘Yhggdfg’, it is unreadable nonsense but, as Eleftheriou points out: “Doesn’t matter! Lots of “people” marked it as helpful, and so this review gets the 1st spot.”
Second, featured reviews. While unable to unseat the gamed review in top spot, actual user reviews repeatedly warn users the app is a scam with stealth charges of up to $43/week. As Eleftheriou notes, “If we only consider [real] reviews, this ‘QR Code Reader’ app is rated 1.5 stars. One. Point. Five.”
Third, fake reviews. Here actual user warnings are drowned out by a level of fake review so bad it implies the App Store has little to no quality screening of any kind, therefore allowing scores to be easily gamed.
“While Apple claims that ‘Every day, moderators review worldwide App Store charts for quality and accuracy’, this app has been a top-grossing scam since 2018, grossing MILLIONS of dollars and over 7M downloads,” states Eleftheriou. “I’m not sure what these moderators are doing, because this stuff is right there in front of them if they just LOOK for it like I did.”
And what makes Eleftheriou look? He has skin in the game. He developed popular Apple Watch app FlickType, only to see its success marred by a series of scam apps which listed under similar names. Eleftheriou says he complained to Apple, but claims action was not taken in an attempt to force a cheap sale of his app to the company. He is subsequently suing Apple.
Despite this, the developer’s fight is finding increasing levels of support. Epic Games (maker of Fortnite), Spotify, Match Group (owner of Tinder) and many more have recently attacked Apple for unfair and exploitative App Store practices. Senior Apple anti-fraud engineer Eric Friedman was also quoted in legal documents last month, saying App Store defences were like “bringing a plastic butter knife to a gunfight”.
Eleftheriou argues the App Store is not a trustworthy place. “If you do decide to download any app from the App Store, don’t trust the ratings or reviews,” he told me. “Ask friends for a recommendation, and make sure you know how to cancel a subscription before you (accidentally) start one!”
Eleftheriou is currently developing software to automate the discovery of App Store scam apps and claims his initial findings suggest the level of fraud is “measured in billions, not millions.” Earlier this month, for example, he found a single developer was running a factory of over 40 App Store scam apps pulling in more than $3.5M in the process.
The upshot of all this is it erodes trust and safety. Apple takes a 15-30% cut of all App Store developer revenues, which means it profits from every scam it fails to shut down. And with Tim Cook taking the stand this week to defend App Store practices (to mixed success), pressure for the company to act is growing.
In the meantime, with Eleftheriou promising to share more scams and numbers soon, the onus is on all iPad and iPhone owners to heed his warnings and stay safe.