We use cookies on our websites. Information about cookies and how you can object to the use of cookies at any time or end their use can be found in our privacy policy.

2 min read No comments

Heart Rate app scams iPhone users into authorizing $90 IAP

So simple, yet so effective. The most successful scams are those that are not overly complicated, just like the Heart Rate app that tricked iPhone users into authorizing an in-app payment of $89.99 via Touch ID.

The Heart Rate app, which was available on the iOS App Store until recently, told users it was measuring their pulse by using the Touch ID module on their iPhone. What it was actually doing, was asking users to authorize an in-app purchase. Because Apple’s review process allows IAP amounts to be changed after the app has been approved and added to the App Store, the developer was able to increase the price to $89.99 and fly under the radar.

Heart Rate app scam shakes iPhone users out of 90 by taking pulse with Touch ID
The now-removed Heart Rate app that was designed to scam users. / © PhoneArena

The app also automatically brought the brightness down to its lowest level when the authorization screen was up to reduce the chances that users would notice what was happening.

On newer iPhones, such as the iPhone X and beyond, Face ID can be used to authorize an in-app payment with Face ID. Users must first confirm intent to pay by double-clicking the side button. You can then authenticate by Face ID. How long is it before we see apps that manage to fool users this way, I wonder?

The Heart Rate app was intended for Portuguese language users but, as the screenshots above show, the interface was also available in English. Apple has since taken the Heart Rate app down from its App Store.

Have you ever fallen for an app scam? Don’t be shy, tell us about it below.

Source: Phone Arena

No comments

Write new comment:
All changes will be saved. No drafts are saved when editing

Recommended articles