On the surface, things could not be better for Apple right now, but underneath, storms are brewing. Apple’s App Store is at the heart of an international trial, and following a string of shock revelations about a factory of scams “measured in billions”, a new warning has been issued for iPhone and iPad owners.
A serious new Apple App Store warning means all iPhone and iPad owners need to be vigilant
Following widespread attention for his series of exposés of high profile App Store fleeceware, casinos hidden inside kids games and a ‘factory’ of iOS VPN scam apps, developer Kosta Eleftheriou has revealed another astonishing scam which asks serious questions of how Apple keeps users safe.
Eleftheriou shines a light on the seemingly innocuous ‘QR Code Reader & QR Scanner’. The app has existed unchallenged on the App Store for more than three years. It carries an average user score of 4.5 stars from over 15,000 ratings and has been downloaded more than 7.5M times. And yet every aspect of it exposes the dangerous flaws in App Store security.
First, the top spot review. Written by ‘Yhggdfg’, it is unreadable nonsense but, as Eleftheriou points out: “Doesn’t matter! Lots of ‘people’ marked it as helpful, and so this review gets the 1st spot.”
New App Store scam shows how easy it is to game Apple’s security
Second, featured reviews. While unable to unseat the gamed review in top spot, actual user reviews repeatedly warn users the app is a scam with stealth charges of up to $43/week. As Eleftheriou notes, “If we only consider [real] reviews, this ‘QR Code Reader’ app is rated 1.5 stars. One. Point. Five.”
Angry, scammed iPhone/iPad users’ complaints are being ignored
Third, fake reviews. Here actual user warnings are drowned out by fake reviews so bad they imply the App Store has little to no quality screening of any kind, allowing scores to be easily gamed. Some examples:
Ratings for iOS scam apps are being artificially boosted by laughably fake reviews
“While Apple claims that ‘Every day, moderators review worldwide App Store charts for quality and accuracy’, this app has been a top-grossing scam since 2018, grossing MILLIONS of dollars and over 7M downloads,” states Eleftheriou. “I’m not sure what these moderators are doing, because this stuff is right there in front of them if they just LOOK for it like I did.”
And what makes Eleftheriou look? He has skin in the game. He developed popular Apple Watch app FlickType, only to see its success marred by a series of scam apps which were listed under similar names. Eleftheriou says he complained to Apple, but claims action was not taken in an attempt to force a cheap sale of his app to the company. He is subsequently suing Apple.
Despite this, the developer’s fight is finding increasing levels of support. Epic Games (maker of Fortnite), Spotify, Match Group (owner of Tinder) and many more have recently attacked Apple for unfair and exploitative App Store practices. Senior Apple anti-fraud engineer Eric Friedman was also quoted in legal documents last month, saying App Store defences were like “bringing a plastic butter knife to a gunfight”.
Apple regularly markets App Store security as industry-leading
Eleftheriou argues the App Store is not a trustworthy place. “If you do decide to download any app from the App Store, don’t trust the ratings or reviews,” he told me. “Ask friends for a recommendation, and make sure you know how to cancel a subscription before you (accidentally) start one!”
Eleftheriou is currently developing software to automate the discovery of App Store scam apps and claims his initial findings suggest the level of fraud is “measured in billions, not millions.” Earlier this month, for example, he found a single developer was running a factory of over 40 App Store scam apps, pulling in more than $3.5M in the process.
The upshot of all this is that it erodes trust and safety. Apple takes a 15-30% cut of all App Store developer revenues, which means it profits from every scam it fails to shut down. And with Tim Cook taking the stand this week to defend App Store practices (to mixed success), pressure for the company to act is growing.
In the meantime, with Eleftheriou promising to share more scams and numbers soon, the onus is on all iPad and iPhone owners to heed his warnings and stay safe.
I am an experienced freelance technology journalist. I have written for Wired, The Next Web, TrustedReviews, The Guardian and the BBC in addition to Forbes. I began in b2b print journalism covering tech companies at the height of the dot com boom and switched to covering consumer technology as the iPod began to take off. A career highlight for me was being a founding member of TrustedReviews. It started in 2003 and we were repeatedly told websites could not compete with print! Within four years we were purchased by IPC Media (Time Warner’s publishing division) to become its flagship tech title. What fascinates me are the machinations of technology’s biggest companies. Got a pitch, tip or leak? Contact me on my professional Facebook page. I don’t bite.