Watch out for a clever touch id scam hitting the app store
One of the joys of Touch ID is how seamlessly it works. It rarely takes more than an instant to unlock your iPhone or approve a purchase. But recently a handful of scam apps have turned that ease of use against anyone unlucky enough to download them.
In separately reported incidents, apps posing as health assistants invite users to use Touch ID before they show a calorie tracker, or take a heart rate measurement, or some other seemingly legitimate function. Once you scan your fingerprint, though, the apps briefly show an in-app purchase popup instead, charging anywhere from $90 to $120, and simultaneously dim the screen to make it hard to see the prompt. In some cases, even if you decline to use Touch ID to enable a feature, the app asks you to tap to continue—and try the in-app payment scam instead.
Charging exorbitant, unscrupulous fees within apps violates Apple’s App Store guidelines; the apps in question, innocuously named “Heart Rate Monitor,” “Fitness Balance app,” and “Calories Tracker app,” have all been pulled. It’s unclear if they came from separate developers, or one person operating multiple developer accounts. Either way, to pull off the scam they all rely not on malware but on duplicity—and an insight into how we use Touch ID.
“As soon as you put your finger on there, it starts scanning, so it’s ready and acting very quickly,” says Stephen Cobb, senior security researcher at cybersecurity firm ESET, which wrote about two of the bogus apps Monday. “Someone cleverly figured out they could use the way that’s implemented to get people to do things that they don’t want to do.” ..Read More..