So simple, yet so effective. The most successful scams are those that are not overly complicated, just like the Heart Rate app that tricked iPhone users into authorizing an in-app payment of $89.99 via Touch ID.
The Heart Rate app, which was available on the iOS App Store until recently, told users it was measuring their pulse by using the Touch ID module on their iPhone. What it was actually doing, was asking users to authorize an in-app purchase. Because Apple’s review process allows IAP amounts to be changed after the app has been approved and added to the App Store, the developer was able to increase the price to $89.99 and fly under the radar.
The app also automatically brought the brightness down to its lowest level when the authorization screen was up to reduce the chances that users would notice what was happening.
On newer iPhones, such as the iPhone X and beyond, Face ID can be used to authorize an in-app payment with Face ID. Users must first confirm intent to pay by double-clicking the side button. You can then authenticate by Face ID. How long is it before we see apps that manage to fool users this way, I wonder?
The Heart Rate app was intended for Portuguese language users but, as the screenshots above show, the interface was also available in English. Apple has since taken the Heart Rate app down from its App Store.
Have you ever fallen for an app scam? Don’t be shy, tell us about it below.
Source: Phone Arena