Beware of these iPhone fitness apps that steal your money

2018-12-06 07:55
Scam apps in Apple’s App Store require users to scan their fingers for fitness tracking.

Scam apps in Apple’s App Store require users to scan their fingers for fitness tracking. (Reddit)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Multiple apps posing as fitness-tracking tools were caught misusing Apple's Touch ID feature to steal money from iOS users.

The dodgy payment mechanism used by the apps is swift and unexpected, activated while victims are scanning their fingerprint seemingly for fitness-tracking purposes, says internet security company ESET Southern Africa.

There are many apps that promise to assist users on the way to a healthier lifestyle.

The apps until recently available in the Apple App Store under the names Fitness Balance app and Calories Tracker app might have seemed to do just that - they could calculate the body-mass index, track the daily calorie intake, or remind users to drink more water.

However, these services came with an unexpectedly hefty price tag, according to Reddit users.

After a user fires up any of the above-mentioned apps for the first time, the apps request a fingerprint scan to "view their personalised calorie tracker and diet recommendations".

Only moments after the user complies with the request and places his/her finger on the fingerprint scanner, the apps display a popup showing a dodgy payment amounting to $99.99, $119.99 or €139.99 (between R1 400 and R2 200).

This popup is only visible for about a second, however, if the user has a credit or debit card directly connected to his/her Apple account, the transaction is considered verified and money is wired to the operator behind these scams.

Based on the user interface and functionality, both apps are most likely created by the same developer. Users have also posted videos of Fitness Balance app and Calories Tracker app on Reddit.

app

Scam apps in Apple’s App Store require users to scan their fingers for fitness tracking. (Reddit) 

If users refuse to scan their finger in Fitness Balance app, another popup is displayed, prompting them to tap a "Continue" button to be able to use the app.

If they comply, the app tries the repeat the dodgy payment procedure again.

app

Dodgy payment popping up in "Fitness Balance app" and "Calories Tracker app". (Reddit)

Despite its malicious nature, the Fitness Balance app received multiple five-star ratings, had an average rating of 4.3 stars and received at least 18 mostly positive user reviews.

Posting fake reviews is a well-known technique used by scammers to improve the reputation of their apps.

Victims already reported both of these apps to Apple, which led to their removal from the market.

Users even tried to directly contact the developer of Fitness Balance app, but only received a generic response promising to fix the reported "issues" in the upcoming version 1.1.

app

Users who directly contacted the developer received what seems to be an automatic reply. (Reddit)

What can users do to avoid similar threats?

As Apple doesn't allow security products in its App Store, users need to rely on the security measures implemented by Apple.

On top of that, ESET advises users to always read reviews by other users. As positive feedback is easily faked, negative reviews are more likely to reveal the true nature of the app.

iPhone X users can also activate an additional feature called "Double Click to Pay", which requires them to double-click the side button to verify a payment.

app

Those who already fell victim to this scam can also try to claim a refund from the Apple App Store.

KEEP UPDATED on the latest news by subscribing to our FREE newsletter.

- FOLLOW News24 on Twitter

Read more on:    apple  |  cyber crime  |  e-commerce  |  mobile
NEXT ON NEWS24X

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.

Inside News24

 
/News
Traffic Alerts
Traffic

Jobs in Cape Town [change area]

Jobs in Western Cape region

IT Manager (contract)

Cape Town CBD
Communicate Cape Town IT
R330 000.00 - R458 000.00 Per Year

HSE Manager

Cape Town
Tumaini Consulting
R550 000.00 - R650 000.00 Per Year

Reporting Accountant

Cape Town
Network Finance Professional / Prudential
R310 000.00 - R360 000.00 Per Year

Property [change area]

There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.




Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.