NEWS
Scammy iOS Apps Used Touch ID to Push Users Toward $99 Payouts
3249
2018-12-07
Posted by 3uTools

A few scammy iOS applications have been taking advantage of Apple’s Touch ID platform by trying to trick users into making payments with false promises of using the fingerprint scans for fitness data, according to ESET’s WeLiveSecurity blog.


The two apps — called “Fitness Balance” and “Calories Tracker” — were spotted by various Reddit users over the last week, and both employ similar tactics. As part of their so-called “fitness tracking,” the apps ask users to place their fingerprint on the Touch ID scanner for 10 seconds, to “create a personalized diet and other stuff.” While a user’s finger is placed on the pad, the app pops up an in-app purchase payment request for sums of money like $99.99. Since the user’s finger is already on the Touch ID pad, the request can be approved almost immediately.

Scammy iOS Apps Used Touch ID to Push Users Toward $99 Payouts


Apps ask for fingerprint right at the moment when paying pop-up shows, which is accepted by user fingerprint.


This hack works because Touch ID is such a seamless process. By trying to be as fast and unobtrusive as possible, the phone starts scanning the finger that’s already on the pad as soon as the payment request pops up. The speed at which Touch ID works means that by the time a user has processed what’s going on, the payment has already been approved.


There are legitimate technologies that can provide fitness information like this, like the Apple Watch Series 4’s upcoming EKG feature that has users place their finger on a side button to measure their heart data. And while those features have nothing to do with fingerprint scanning, it’s easy to see how some users made the mistake of thinking that an iPhone could do something similar.


Based on the similar UI, it seems likely that both apps were created by the same developer. Fortunately, both seem to have been removed from the App Store, and hopefully, Apple will keep a closer eye on this kind of UI hacking in the future.


Source: theverge

Related Articles
This is How the First Phone With a Fingerprint Sensor Under the Display Works Apple’s Best 25 iOS Apps of 2015 Google Removes Passcode/Touch ID/Face ID lock from Drive, Docs, Sheets & Slides Researchers Break Apple's iPhone and iPad Activation Lock These are the all-time Most Popular iOS Apps and Games From 2010-2018 Face ID on iPhone X Does Not Work Below 10% of Battery Charge iOS 10 Beta 3 Features, Changes, and Improvements Apple Wanted the iPhone X to Have Touch ID, But Couldn’t Make It Work