A new post on Medium shows just how easy it is for scammers to use Apple’s App Store Search Ads to dupe users into paying hundreds of dollars for undelivered services from useless apps. Author Johnny Lin came across one app in particular — “Mobile protection :Clean & Security VPN” — that raised his attention with multiple misspellings and poor grammar in its listing, but still somehow managed to take in $80,000 a month in revenue and rank 10th in the App Store’s top grossing productivity apps list. After downloading, the app requests access to contacts and provides useless features like checking the phone’s available space and memory. Pressing the “Secure Internet” option — theoretically what people download the app to do — leads to a game pop-up ad and then to a “Free Trial” button that actually leads to a Touch ID prompt that will enroll the user in a $100-per-week subscription for a virus scanning service the app isn’t even able to provide because of how Apple sandboxes third-party apps.
Further searches turned up other apps using buzzwords like WiFi, protection, virus scan and VPN to look official and paying to appear at the top of the App Store’s search results while offering little or nothing in the way of actual services. There is currently no filtering or approval process for ads, so anyone can make an ad that looks nearly indistinguishable from real results, and they’re off to the races. While Lin suggests several remedies for how Apple could fix the system — including reviewing subscriptions or at least doing away with fine print in Touch ID prompts that buries the true cost of a subscription — the best fix from a user’s perspective is being aware of what an app is promising vs. what it is actually capable of doing. Poorly phrased or misspelled titles or descriptions are a clear giveaway that an app is likely not above board. Periodically reviewing app subscriptions is also a good idea, just in case anything managed to slip through, and reporting scams to Apple through iTunes Connect could provide other options for those who have already been scammed.