A developer has recently brought attention to an app available on Apple’s App Store that uses its in-app purchasing system to scam people by tricking them into purchasing a fraudulent weekly, monthly, or yearly subscription.
Apple’s in-app purchasing system has come under major scrutiny in the last couple of months regarding the fact that it makes a 30% commission from the revenue created by every single purchase made inside of an app. Even with a fake VPN app, the tech giant is earning a profit.
Developer warns people about scam app, StringVPN, using Apple’s in-app purchasing system to scam users
Back in February, Kosta Elefherious discovered that many of his apps like FllickType, a popular Apple Watch keyboard, get copied repeatedly on the App Store. According to Eleftheriou, scammers can use the copies made of his apps to trick Apple’s App Store algorithm into giving it influence with fake ratings and five-star reviews.
Eleftheriou is also the one who uncovered this new scam app on the App Store named Privacy Assitant: StringVPN. The app offers users a safe and full-featured VPN experience, but that is obviously not the case. The app had a 3.5 rating out of 5 and 104 reviews. A huge number of fake perfect responses have been posted by the developer to trick Apple’s App Store algorithm into boosting its appearance in search results, making it convenient to be discovered and downloaded.
They did not show the different payment options for weekly or monthly. Yearly was the only option. I’m reporting to Apple to get a refund. There is no way to contact them directly, and there are no reviews when I did a Google search on this App… It tries to look like a “strongVPN” app, which has many positive reviews.
Various users reported that they received a pop-up in Safari motivating them to download the app, only to be scammed by paying for its expensive subscription. Eleftheriou notes that the app is grossing around $1 million per month by scamming users, and is ranked 32 in App Store’s Utilities category.
I don't know what's worse about this app:
– “Translated” fake reviews
– “Recommended by Apple” popups in Safari
– https://t.co/Kq5lRrKCWc contact email
– Blank website, registered in India
– $9.99/week subscription
– Grossing $1M (!) a month
What is Apple even doing?? pic.twitter.com/5oUBCJ2GNh
— Kosta Eleftheriou (@keleftheriou) April 7, 2021
The developer for StringVPN has added a fake email address with a fake domain provider for its “privacy contact”. The website for the app is also a completely blank page. According to Apple, the company does not tolerate fraudulent activity on the App Store and is working hard to implement strict rules via its App Tracking Transparency feature against apps and developers who try to cheat the system.