Beware of these Touch ID scam apps on the Apple App Store

December 4, 2018

The Apple App Store is still considered one of the safest places from which to download your mobile apps. Apps are curated and reviewed, and any security concerns are almost always immediately addressed by Apple.

However, crooks always think of new schemes and tricks to scam you out of your hard-earned cash. With deception and deliberate design, these scammers can use App Store loopholes to execute their malicious deeds.

Now, you won’t believe how these scammers are using the one thing that keeps your iPhone secure to rip you off.

Touch ID scams are real

If you are an iPhone user, you are most likely familiar with Apple’s Touch ID. Although it’s now being replaced by Face ID, Apple’s newer face recognition security system, Touch ID has been and still is the main biometric security system for millions of iPhones.

Touch ID is used for a plethora of functions, like unlocking the iPhone, Apple Pay authorizations, app/website logins and in-app purchases.

It’s a solid and reliable system, for sure, but now, scammers have found a way to exploit it. If you’re not careful with what App Store apps you’re installing, with one false move, these crooks can swipe your cash.

Here’s what’s happening. Unscrupulous developers are creating health-tracking apps that claim to use Touch ID to read your body statistics. However, it turns out that they’re using your fingerprint to authorize an in-app purchase.

For example, 9to5Mac exposed a recent app called Heart Rate Measurement, which claims to read your heart rate by having you scan your fingertip with Touch ID via your iPhone’s home button.

In reality, however, it is using your fingerprint data to authorize an $89.99 transaction charged to your Apple account. To hide the fact that the app is trying to charge you, it simultaneously dims your iPhone screen to make it difficult to see what’s going on. That’s downright nasty!

Obviously, this scam is harder to pull off on newer iPhones with Face ID or on older iPhones with Touch ID disabled, but it is still possible to get scammed if you’re not careful. With iPhones that have Face ID enabled, however, the scam and the transaction amount are readily apparent. (Don’t double-click your side button to pay!)

The Heart Rate Measurement app is not the sole Touch ID scam app that sneaked in through the official App Store. Health apps named “Fitness Balance” and “Calories Tracker” are also using the same Touch ID schemes to fool you into authorizing a transaction.

Thankfully, these apps have been removed from the App Store, but if you downloaded any of these apps, please delete them immediately!

Note: There are many legitimate heart-rate measurement apps in the App Store.

How to protect yourself from fake apps

Knowing Apple’s strict app vetting process, it’s unclear how these scammers managed to sneak these fraudulent apps into Apple’s official App Store.

One explanation is that the developers added the scheme to the apps after they had passed Apple’s review.

That, or is Apple dropping the ball when it comes to reviewing apps with in-app purchasing? We certainly hope not! Maybe the company will have to review its app approval process and add another system-wide confirmation screen with in-app purchases.

To protect yourself from fake apps that manage to sneak into the official app stores, here are typical warning signs to watch out for before you download and install.

Check reviews – To some extent, you can read the user reviews on an app, too. Although fake reviews (both positive and negative) can still mislead you, user comments can still provide vital information about it.

Check descriptions – Be extra vigilant when downloading apps, even official App Store apps. Check for bad descriptions and false services. Additionally, since even ratings can be falsified, analyze whether the reviews are sufficiently detailed and varied.

Look before you touch – iOS apps rarely use your fingerprint and Touch ID except for in-app purchases. If an app is asking you to scan your fingerprint data, look out! It may be scamming you into authorizing an in-app purchase.

Read the fine print – Be wary of any apps that are asking for your Touch ID authorizations. Also, check for any recurring subscriptions that these apps might be sneaking in via in-app purchases.

Report suspicious apps – Immediately report apps that are exploiting the in-app purchasing system via Apple’s iTunes Connect Contact Us form.

How to get a refund from the Apple App Store

If you were victimized by these Touch ID scams (or any in-app purchase scam), you can try to get your money back from Apple.

Technically, Apple has a no-refund policy on apps. However, you can still submit an appeal to Apple. You can do this via one of the Report a Problem links.

Via email – The best place to check is the receipt Apple emailed you. The link should be right below the app name. Click the link to get started.

Via iTunes – If you deleted the receipt email, go to iTunes. The link should be beside the app name in your Purchase History. To access your purchase history, click the link to the iTunes Store. Click the button with your account name. Enter your password and click View Account. Finally, click Purchase History.

Via Apple Support – If you can’t find it there, go online to Apple’s iTunes support page. Click “App Store and iBooks.” Then click “Downloading and updating Applications.” Finally, click the Email Us button.

In any case, you’re presented with a form to complete. Enter a clear and concise explanation of why you should get a refund.

Apple Customer Service should contact you within 2 days. If you don’t hear back, resubmit the request. But a rep will usually contact you fairly promptly. Since these Touch ID transactions are known scams, there’s a good chance Apple will issue you a refund.

https://www.komando.com/tips/apple/malicious-app-steals-your-fingerprint/