Apple will surely do more to crack down on these scam apps, as App Store ads are still a relatively new phenomenon. In the meantime, make sure your friends and family members are aware of the problem and avoid these fake subscriptions.
Misleading iOS 'security' apps are about to be a thing of the past.
Apple has updated its developer guidelines with a new policy that bans deceptive 'virus-scanning' apps for the first time.
- Some of the apps identified in those reports have now been removed, which suggests Apple is beginning to crack down on the practice. On Monday, TechCrunch noted that scammers are using app subscriptions to make promises of “free trials” that convert to a paid membership after a short period of time.
From the latest App Store guidelines:
You should not market your app on the App Store or offline as including content or services that it does not actually offer (e.g. iOS-based virus and malware scanners). Egregious or repeated behavior is grounds for removal from the Developer Program. We work hard to make the App Store a trustworthy ecosystem and expect our app developers to follow suit; if you’re dishonest, we don’t want to do business with you.
A quick search of the App Store also suggests that Apple has been quietly removing many of the apps that purport to have such capabilities, as search terms like 'virus scanner' and 'malware finder' no longer turn up results for these types of apps.
As the company notes in its guidelines, it's incredibly misleading for apps to advertise themselves as having these types of features. Not because it's impossible for malicious code to find its way into the App Store (though rare, it has happened), but because Apple's developer policies make it literally impossible for any third-party app to identify such malicious code in the first place.
What's most surprising is that it's taken Apple this long to crack down on these types of apps in the first place. Although they weren't always a big problem, it became a bigger issue over the last year as Apple automated more of its app review process, making it easier for ill-intentioned developers to sneak scammy apps into the store.
Apple's new search ads, which allow developers to advertise their apps against popular search terms in the App Store, further complicated the issue. As we highlighted back in June, a number of developers were abusing search ads by promoting scammy 'virus cleaner' and 'antivirus' apps that tricked users into paying huge subscription fees for services they didn't provide.
But by now cracking down on the entire category, the company is finally working to get these apps out for good.
Seven scamware apps found in Google Play and Apple's App Store corralled more than half a million dollars for their developers, a digital security company reported Tuesday.
Avast discovered the malicious apps after a 12-year-old girl flagged a suspicious app promoted on a TikTok profile through its 'Be Safe Online' project in the Czech Republic, where the business is based.
The adware apps have been downloaded more than 2.4 million times and have earned their developers more than US$500,000, Avast revealed in a company blog.
Many of the apps are being promoted on TikTok on at least three profiles, one of which has more than 300,000 followers, Avast noted. An Instagram profile with more than 5,000 followers was also found promoting one of the apps.
Avast explained that the programs pose as entertainment apps, which either aggressively display ads or charge from $2 to $10 to purchase the software.
Some of the programs, it added, are HiddenAds trojans, which disguise themselves as safe apps, but serve ads outside the app.
'The apps we discovered are scams and violate both Google's and Apple's app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed,' stated Jakub Vávra, a threat analyst at Avast.
'It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them,' he added.
Difficult to Detect
HiddenAds trojans can be particularly pernicious because they will continue to serve ads even after the app that installed them is removed.
'The behavior of installing the adware separately through the original application is why it's classified as a Trojan rather than simply adware,' explained Jonathan Tanner, a senior security researcher with Barracuda Networks.
'The original app tricks the user into infecting their device with the actual adware rather than simply acting as the adware,' he told TechNewsWorld.
Since the app is side-loading its adware and not serving the ads itself, the bad app should be easier to detect, but it does lower its profile by limiting itself to only functions used by legitimate programs and nothing more.
'This would normally be a good means of detecting malware,' Tanner said. 'Malware often requires more control over the phone than available to developers, often requiring rooting the phone which can be detected more easily.'
Adware, in general, can be difficult to detect because advertising is common within apps. 'Adware takes these ads too far, by either being too invasive to the point of draining computing resources and bandwidth or utilizing less reputable ad networks that may distribute malware,' Tanner explained.
'Detecting invasive ads versus a simple banner would require profiling the behavior of the app or reverse engineering its code, both of which can be difficult and time consuming to do at scale,' he said.
'Detecting malicious ad networks requires tracking which ad networks are legitimate and which are not, which again is not a trivial task,' he continued. 'As with the apps themselves, ad networks can suddenly shift from safe to malicious if the wrong advertiser signs up and has too much freedom as to what content is allowed.'
Cowed by Influencers
It can be difficult for an app store to flag programs that charge money but offer little or trivial functionality if they live up to their claims, no matter how paltry they may be.
'For example, the surge of flashlight apps during the early days of the App Store's existence were largely legitimate, if questionable value for the money,' said Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company, in Scottsdale, Ariz.
'The Apple and Google stores have since attempted to crack down on apps that only perform trivial functions,' he told TechNewsWorld, 'however the definition of what constitutes a trivial function can be murky for reviewers to determine.'
Inexperienced users can also make the job of shady apps easier. 'Mobile devices are a 'black box' for most users, and they have little visibility into what's happening deeper in the device,' said Saryu Nayyar, CEO of Gurucul, a threat intelligence company, in El Segundo, Calif.
'There are a number of techniques mobile application developers can use to hide from a casual user,' she told TechNewsWorld.
Users on networks like TikTok can also be too easily cowed by social media personalities. 'Many social media influencers will take money to promote products or apps without doing any research into their legitimacy,' Clements maintained.
'The influencer ecosystem is ultra-competitive and promotions from even those with large audiences can be bought for next to nothing,' he added.
Leveraging Social Situations
Using TikTok profiles for promoting scam apps is only the latest vector of abusing popular channels to capture profit from unsuspecting supporters, noted Ben Pick, a senior application security consultant at nVisium, a Falls Church, Va.-based application security provider.
'The best method to not be susceptible is to verify the app being downloaded and not click a link directly from a user's profile,' he told TechNewsWorld.
'Check for excessive permissions and numerous bad reviews to prevent downloading similar scam or outright malicious apps,' he added.
Another factor influencing the downloading of these malicious adware apps may have been the imminent ban of TikTok by the Trump administration, which fizzled when the social app was able to cut a deal with Oracle and Walmart that satisfied Washington.
'We frequently see threat actors leverage social situations to their advantage,' observed Hank Schless, a senior manager for security solutions at Lookout, a San Francisco-based provider of mobile phishing solutions.
'In this case,' he told TechNewsWorld, 'they know people rushed to download TikTok ahead of the ban, and these new users look for influencers to follow when they sign up for the app.'
Pay Attention to Reviews
One of the simplest ways to avoid becoming a victim of adware scams is to read the reviews about an app. 'When loading apps, it's essential to read reviews and check the ratings,' James McQuiggan, a security awareness advocate at KnowBe4, told TechNewsWorld.
Pay particular attention to negative reviews, added Cerberus Sentinel's Clements. 'Scammers often use bots or pay for fake positive reviews,' he explained.
McQuiggan also advised that when there are prompts to install an app from an advertisement in a profile or on a website, it's vital to do some due diligence about the app to make sure it's not malicious.
Chloé Messdaghi, vice president of strategy at Point3 Security, a provider of training and analytic tools to the security industry, in Baltimore, Md., agreed. She told TechNewsWorld, 'It's always better to do some research before allowing an app into the most personal digital space in your life -- your phone.'
John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.