In-App Purchase Scams in the App Store

Great investigative piece by Johnny Lin looking into a top-10 highest grossing app named “Mobile protection :Clean & Security VPN” (punctuation and grammatical errors sic), from a developer named Ngan Vo Thi Thuy:

“Full Virus, Malware scanner”: What? I’m pretty sure it’s impossible for any app to scan my iPhone for viruses or malware, since third party apps are sandboxed to their own data, but let’s keep reading…

“You will pay $99.99 for a 7-day subscription”

Uhh… come again?

There should be no “virus and malware” scanners in the App Store. None. iOS does not need anti-virus software. The App Store sandboxing rules mean that anti-virus software couldn’t really do anything useful anyway. And by allowing them to be listed on the store, it creates the false impression that Apple thinks you might need anti-virus software.

But do-nothing anti-virus utilities that are scamming people into $100/week subscriptions? That’s downright criminal.

Lin shows that “Mobile protection :Clean & Security VPN” is not alone. The productivity top-grossing list is riddled with similar scam apps.

Given how many legitimate developers are still having problems getting their apps approved due to seemingly capricious App Store reviewer decisions, it’s doubly outrageous that these apps have made their way onto the store in the first place. These are the exact sort of apps that the App Store review process should be primarily looking to block.

And there is no excuse for Apple not having flagged them after the fact, once they started generating significant revenue. It’s downright mind boggling that this horrendous “Mobile protection :Clean & Security VPN” app made it all the way into the top 10 without getting flagged.

Based on Lin’s research, the pattern is simple:

  1. Create a scammy utility app and get it into the store. Make it a free download with an expensive in-app subscription.
  2. Bid on common keywords like “virus”, “VPN”, and “wi-fi”.
  3. Get tens of thousands of downloads thanks to the top-of-results placement from the ad.
  4. Spring the in-app subscription prompt on your users and make money with a response rate of even just a fraction of 1 percent.

Apple needs to remove these apps from the App Store, and prevent such apps from getting into the store in the first place. They should reconsider the effects of allowing developers to buy their way to the top spot in search results. And they should police the top-grossing lists for apps that are pulling scams — the most important scams to catch are the successful ones.

Lastly, every single dollar these apps have generated should be refunded to the victims of these scams.