“Fooling The User Is Easier Than You Think”: How Scammers In The App Store

Johnny Lin, developer of the Wi-Fi Widget project, on detecting intruders in the App Store and how to resist them.

At its Worldwide Developers Conference, Apple announced that it has paid $70 billion to developers, 30% of which ($21 billion) was paid in the last year.

This is a huge leap, and it came as something of a surprise to me, because it seems that neither I nor my friends spent more on apps that year. I wondered where this income comes from, so I opened the App Store to look at the bestselling apps. I scrolled through the list of apps in the “Productivity” category and saw apps from well-known companies such as Dropbox, Evernote, and Microsoft. This was to be expected.

But what’s next? Tenth place among the bestselling apps in the “Productivity” category (as of June 7, 2017) was held by an app called “Mobile protection :Clean & Security VPN”. Given the terrible name of this app, with its misuse of capital letters, its misplaced colon, and the grammatically absurd construction “Clean & Security VPN”, I thought the ranking algorithms had glitched. So I went to Sensor Tower to check the app’s income, and saw a figure of $80 thousand per month.

This might not be true. Now I’m very curious. I opened the app’s details and saw that the developer is listed as Ngan Vo Thi Thuy. That is, this VPN service belongs to an independent developer who didn’t even bother to register as a joint-stock company.

This is the first alarm bell. For those who do not understand why this is bad: a VPN essentially routes all your Internet traffic through a third party’s servers. So it turns out that someone who could not even get the grammar of their own app’s name right, and did not bother to register a joint-stock company, wants access to all your Internet traffic.

Another alarm bell was the app’s description, which is both funny and terrible. According to the description, “Mobile protection :Clean & Security VPN” is “filled with different functions”. Well, it is definitely filled with something. Evidently “Mobile protection” protects you from “duplizierung” contacts. This “scanning” is something called “Quick & full scan of Internet security”.

Five Internets to whoever can explain the connection between Internet security and duplicate contacts on a phone. So many alarm bells, and I hadn’t even downloaded the app yet. I checked the reviews and found a few vague and seemingly fake five-star reviews.

And when I saw the dates of these reviews, I had another question: how long has this app been at the top? Well, according to Sensor Tower, “Mobile protection :Clean & Security VPN” has been in the top 20 bestselling apps in the “Productivity” category since April 20, that is, for two months as of now. Just out of curiosity, and to learn more about this apparently very well-marketed app, I downloaded it.

Here’s what happened when I opened it for the first time. The only option available is to tap “I agree”, after which iOS asks me whether I want to give this app “cccess” to my contacts. Hmm, probably not.

If you skip this step, the app informs me that threats have been detected on my device. Well, of course they were, how else? The app is also ready to analyze the device, run a quick and full scan, and protect my Internet. If you tap “Analysis device”, the app shows the amount of free memory, which is a pretty useless function.

If you tap the quick and full scan, the app shows: “Your contact cleaned. Extra not found”. Excellent, there is nothing extra. Except, perhaps, the letter “p” in the word “duplicitously”.

Well, let me finally protect my Internet and tap the corresponding button. Hmm, what’s this? Up pops this incredibly generous offer to shoot bubbles without installing the game.

Not sure what I did to deserve this absolutely free gift, but it’ll have to wait. I tap the x to return to protecting my Internet. And this is what I see next:

And, of course, I immediately jump at the chance “to use the full smart antivirus by clicking on the button ‘free trial’”. After all, it’s free. Touch ID. Well.

Although, wait, let’s read the fine print. “Full Virus Malware scanner”, or something like that. I am sure that no app can scan my iPhone for viruses and malware, since third-party applications are sandboxed and limited to their own data. But let’s read further. “You will pay $99,99 for a seven-day subscription”.

In the third line of the small-print paragraph, iOS casually tells me that if I press the Home button, I agree to a subscription for $100. And that’s not all: the subscription costs $100 a week. That is, I was just one tap away from a subscription for $400 per month in order to route all my Internet traffic through a scam.

It turns out that I was lucky, as I read the fine print to the end. What about all the other users? And suddenly it became clear how this app can generate $80 thousand a month. Given that a subscription costs $400 per month per subscriber, only 200 people need to be deceived to earn $80 thousand a month, or $960 thousand per year.

And of this amount, Apple takes 30%: $288 thousand from just one app. You may still not believe it. Maybe you think: “It is clear that only 200 people are needed, but it is still very unlikely that even one user would download a suspicious app, and even less likely that people would pay for it.”

Maybe you wouldn’t download it. I certainly would not. But I have also never clicked on a Google ad, yet Google has somehow managed to bring net AdWords revenue up to $700 billion. The app “Mobile protection :Clean & VPN Security” is currently in 144th place in the ranking of most downloaded apps in the App Store, and its average number of downloads in April was 50 thousand.

To get 200 subscribers from 50 thousand downloads, the scammers need to convert just 0.4% of downloads into purchases, and perhaps fewer, because these subscriptions renew automatically, so the number of subscribers only grows from month to month. Can you really not imagine one of your non-tech-savvy relatives accidentally (or maybe even intentionally) subscribing to the “trial period” to protect their iPad from viruses? But then where did the figure of 50 thousand downloads come from?

I once read an article saying that a large number of users find apps through search in the App Store. So maybe this app is well optimized for search. So I typed “antivirus application” into the search.

And the first result is the app “Protection for iPhone — Mobile Security VPN”. Sounds familiar. It’s not the same app, but it has in-app purchases (“Free trial version to upgrade to the Premium protection” for $99.99), and it is in 33rd place in the ranking of bestsellers in the “Business” category. It turns out that scammers are abusing a relatively new and immature Apple product: search advertising in the App Store.

They take advantage of the fact that the advertising has no filters or approval process of any kind, that such an ad looks almost the same as one for a genuine product, and that some ad units occupy the entire first page of search results. Later, I dug deeper and found that, unfortunately, this is not an isolated case; it is a common phenomenon in the bestseller lists of the App Store. And it happens not only with security-related keywords. It seems that scammers have used many other keywords.

For example, take the results of a search for the word “wifi”. The first result is the app “WEP Password Generator”, a simple generator of random strings that charges $50 per month. The app is already earning $10 thousand a month despite having been released only in April. It is most likely a clone of this application, and this in turn means that the practice has become so common that scammers copy each other.

If the reader of this article is a developer with below-average morals, they have just learned about a relatively easy way to make tens of thousands of dollars in the App Store. At least until something changes in the store. For everyone else, I have a few suggestions:

It is a little hard to believe that Apple knows about this problem, because these applications are not small; they sit near the top of the App Store lists. Perhaps the company does not consider this problem serious enough to deal with, and it can be beneficial to their Search Ads and App Store. Anyway, here are some suggestions: if you develop something useful that somehow improves people’s lives, users will be happy to pay for it, and then everyone wins.

However, creating good applications requires design, development, and sales skills, along with hard, selfless work. I’m not even talking about the obvious moral wrongness of using a vulnerable category of users to generate income. It is just very disturbing to see that some developers become financially successful because they take the easy and unethical path, creating a fake application whose purpose is to steal money from the uninformed segments of the population.
