Before WWDC began last week, Apple pointed out that it has paid app developers more than $70 billion USD in total through the App Store, and $21 billion of that sum was paid out last year. Unfortunately, not all of that money is legitimate. As Johnny Lin has posted on Medium, some of the supposed creators are actually cybercriminals who make their living by abusing Apple’s in-app purchase feature and using App Store search ads to trick people into subscribing to services they should stay away from. The apps in question include password generators, VPN apps, and virus scanners.
One of them is called “Mobile protection: Clean & Security VPN”, which currently stands at #10 in the Top Grossing Productivity apps list. It promises to scan your iPhone for various types of malware, but with a catch – you’ll have to pay $99.99 for a 7-day subscription. This information is hidden pretty well, so if you don’t read through the EULA, you won’t even notice it. And the trick obviously works, as it allows the people behind it to earn nearly $80,000 USD each month. Unfortunately, this application doesn’t offer anything useful in return, so spending money on it is akin to throwing it out of the window.
But why do people do so? Well, it’s because the developers of such apps use App Store search ads to their advantage and trick users into downloading them that way. And Apple doesn’t have a filtering or approval process for search ads at the moment, so nothing stops con artists from illegally enriching themselves. The look of those advertisements is almost identical to real search results and, in some cases, they take up the entire first page. Considering that people very often click on the first links they see and don’t go past that first page, it’s understandable why this scheme works so successfully.
So what should you be on the lookout for? Be careful with password managers and virus scanners. If you see a free download that then asks you to make an in-app purchase at a ridiculous price, keep away from it. Don’t pay any attention to gaming search ads. And, finally, don’t agree to subscribe to anything that requires you to pay $99 USD every week. Cybercriminals behind all this earn approximately $80,000 per month or $960,000 per year – don’t give them the satisfaction of winning and don’t sponsor them.
Apple itself hasn’t yet commented on this, but it’s very doubtful that they’ll let such practices continue. Search ad improvements in iOS 11 seem like a very plausible scenario, though it should be noted that they’re currently not live in it. Only time will tell for certain, but, as of now, it definitely gives hope that a solution will be found.