Developer shows how StringVPN uses Apple’s in-app purchasing system to scam people

A developer has recently brought attention to an app available on Apple’s App Store that uses its in-app purchasing system to scam people by tricking them into purchasing a fraudulent weekly, monthly, or yearly subscription.

Apple’s in-app purchasing system has come under major scrutiny in the last couple of months regarding the fact that it makes a 30% commission from the revenue created by every single purchase made inside of an app. Even with a fake VPN app, the tech giant is earning a profit.

Apple App Store

Developer warns people about scam app, StringVPN, using Apple’s in-app purchasing system to scam users

Back in February, Kosta Elefherious discovered that many of his apps like FllickType, a popular Apple Watch keyboard, get copied repeatedly on the App Store. According to Eleftheriou, scammers can use the copies made of his apps to trick Apple’s App Store algorithm into giving it influence with fake ratings and five-star reviews.

Eleftheriou is also the one who uncovered this new scam app on the App Store named Privacy Assitant: StringVPN. The app offers users a safe and full-featured VPN experience, but that is obviously not the case. The app had a 3.5 rating out of 5 and 104 reviews. A huge number of fake perfect responses have been posted by the developer to trick Apple’s App Store algorithm into boosting its appearance in search results, making it convenient to be discovered and downloaded.

They did not show the different payment options for weekly or monthly. Yearly was the only option. I’m reporting to Apple to get a refund. There is no way to contact them directly, and there are no reviews when I did a Google search on this App… It tries to look like a “strongVPN” app, which has many positive reviews.

Various users reported that they received a pop-up in Safari motivating them to download the app, only to be scammed by paying for its expensive subscription. Eleftheriou notes that the app is grossing around $1 million per month by scamming users, and is ranked 32 in App Store’s Utilities category.

The developer for StringVPN has added a fake email address with a fake domain provider for its “privacy contact”. The website for the app is also a completely blank page. According to Apple, the company does not tolerate fraudulent activity on the App Store and is working hard to implement strict rules via its App Tracking Transparency feature against apps and developers who try to cheat the system.

Read More:

About the Author

Usman has been playing games for as long as he can remember. He is an editor at iThinkDifferent and writes about games, Apple news, hardware, productivity guides, and more. When not writing for iTD, Usman loves to play competitive Team Fortress 2, spends time honing his football skills, and watches superhero movies.

1 comment

Leave a comment