gmannes@gmail.com
Date: Wed, 7 Aug 2019 12:05:06 -0400
[Fiendishly clever, or cleverly fiendish:]
https://9to5mac.com/2019/08/07/scam-heartrate-app/
Ben Lovejoy
Scam heart rate app is back in the App Store, trying to steal $85/year
A scam heart rate app that tried to con iPhone users out of $89/year is now back in the App Store under a new name, some eight months after Apple removed the original version.
The app specifically targets people who own iPhones with Touch ID.
What the app does is ask users to place their finger on the Home button,
supposedly to take a heart-beat reading. In reality, the app dims the
display brightness its minimum to hide the content -- which is actually
Apple's dialogue requesting authorization for a recurring in-app purchase.
If users place a registered Touch ID finger on the Home button, that
completes the purchase.
Apple removed the app in November of last year following our report, but
Brazil's Mac Magazine reports that it has now returned. ...
Now the app presents itself as `Pulse Heartbeat' and its developer is registered as BIZNES-PLAUVANNYA, PP.
The in-app purchase is now for 340 Brazilian reals, which is equivalent to around US$85. As before, the app is targeting Portuguese speakers. ...
The reality [no pun intended?] is that the app review process is a manual one, and prone to human error. Scammers will usually submit an innocuous app and then update it with rogue code after approval. Although Apple reviews updates too, there is a general belief that this review is less thorough than for a new app.
The report does show that even in a curated app store, there are still risks. ...