Clever iOS app scams

Scammers are getting smarter


You could be forgiven for being overconfident about Apple’s vetting of iOS apps.  But you shouldn’t be lulled into thinking that all iOS apps are safe – here is an example of an app that is effectively a scam.

The free app offered encrypted chat messages.  You enter a 4-digit PIN and the recipient can only open the message if they have the same 4-digit PIN.

Sounds harmless enough.

There were a number of locked options, including sending encrypted pictures.  Click on that option and a pop-up appears with lots of small writing asking you to confirm (via Touch ID) that your details are correct.

Fair enough, so you press your thumb.

Another pop-up asks you to confirm this – lots of small writing, basically the same.

A bit frustrating for the modern app user… repetitive and unnecessary, so you touch your thumb again.

BOOM.

You’ve just subscribed to their auto-renewing premium service costing NZD$48.99 per week.

They bypassed the usual pop-up that requires you to enter your Apple ID password to confirm the clearly marked purchase amount.

The app had no way to check your subscription status…

All credit to Apple – they refunded the money very quickly and that app is no longer available on the App Store.

This app was designed to “trick” you into doing what they wanted (in this case, give them money).  But it could easily have been designed to give them access to your entire contact list, calendar details or emails…

A salient reminder that your mobile device is only as secure as the person using it (along with managed security that your provider, like Kinetics, can offer).

 

 
