A scam heart rate app that tried to con iPhone users out of $89/year is now back in the App Store under a new name, some eight months after Apple removed the original version.
The app specifically targets people who own iPhones with Touch ID…
What the app does is ask users to place their finger on the Home button, supposedly to take a heart-beat reading. In reality, the app dims the display brightness its minimum to hide the content — which is actually Apple’s dialogue requesting authorization for a recurring in-app purchase. If users place a registered Touch ID finger on the Home button, that completes the purchase.
Apple removed the app in November of last year following our report, but Brazil’s Mac Magazine reports that it has now returned.
After the controversy, the app has been removed from the App Store, but guess what – it’s back under a new identity.
Who warned us about the inglorious return was our reader Dhuanny Almeida , on Twitter, noting that the app is not only back, but is being announced on YouTube – that is, another legion of unwary could fall for the Touch ID scam. Now the app presents itself as “Pulse Heartbeat” and its developer is registered as BIZNES-PLAUVANNYA, PP.
The in-app purchase is now for 340 Brazilian Reais, which is equivalent to around US$85. As before, the app is targeting Portuguese speakers.
The scam heart rate app isn’t the only one to have made it into the iOS App Store, despite Apple’s review process. A report published on Friday identified more than 2,000 examples. Some of these apps have been making hundreds of thousands of dollars.
Just two apps created by the same Chinese group were found to have made around $400k in June alone.
So far we have exposed more than 2,000 scam apps. We believed that Apple would become more aware of what was happening on App Store. They didn’t. Scammers have become more sophisticated in their tactics. We really don’t get it why Apple allows them to be inside their “walled garden”. Is it maybe for that sweet 30% cut from the in-app purchases?
The idea that Apple would be willing to allow scam apps to get a cut is, of course, absurd. The reality is that the app review process is a manual one, and prone to human error. Scammers will usually submit an innocuous app and then update it with rogue code after approval. Although Apple reviews updates too, there is a general belief that this review is less thorough than for a new app.
The report does show that even in a curated app store, there are still risks — especially as it’s easy for scammers to buy fake 5-star reviews. A report way back in 2014 described how even legitimate apps can scam their way into the top of the app charts.