An investigation into App Store developer pay-outs has uncovered a scamming trend in which apps advertising fake services are making thousands of dollars a month from in-app purchases.
In a Medium article titled How to Make $80,000 Per Month on the Apple App Store, Johnny Lin describes how he discovered the practice, which works by manipulating search ads to promote dubious apps in the App Store and then preys on unsuspecting users via the in-app purchase mechanism.
/article-new/2017/06/scam-apps.jpg?lossy)
I scrolled down the list in the Productivity category and saw apps from well-known companies like Dropbox, Evernote, and Microsoft. That was to be expected. But what's this? The #10 Top Grossing Productivity app (as of June 7th, 2017) was an app called "Mobile protection :Clean & Security VPN".
Given the terrible title of this app (inconsistent capitalization, misplaced colon, and grammatically nonsensical "Clean & Security VPN?"), I was sure this was a bug in the rankings algorithm. So I check Sensor Tower for an estimate of the app's revenue, which showed… $80,000 per month?? That couldn't possibly be right. Now I was really curious.
To learn how this could be, Lin installed and ran the app, and was soon prompted to start a "free trial" for an "anti-virus scanner" (iOS does not need anti-virus software thanks to Apple's sandboxing rules for individual apps). Tapping on the trial offer then threw up a Touch ID authentication prompt containing the text "You will pay $99.99 for a 7-day subscription starting Jun 9, 2017".
/article-new/2017/06/scam-apps-1-800x665.jpg?lossy)
Lin was one touch away from paying $400 a month for a non-existent service offered by a scammer.
It suddenly made a lot of sense how this app generates $80,000 a month. At $400/month per subscriber, it only needs to scam 200 people to make $80,000/month, or $960,000 a year. Of that amount, Apple takes 30%, or $288,000 — from just this one app.
Lin went on to explain how dishonorable developers are able to take advantage of Apple's App Store search ads product because there's no filtering or approval process involved. Not only that, ads look almost indistinguishable from real results in the store, while some ads take up the entire search result's first page.
Lin dug deeper and found several other similar apps making money off the same scam, suggesting a wider disturbing trend, with scam apps regularly showing up in the App Store's top grossing lists.
It's unclear at this point how these apps managed to make it onto the App Store in the first place given Apple's usually stringent approval process, or whether changes to the search ads system in iOS 11 will prevent this immoral practice from occurring in future. We'll be sure to update this article if we hear more from Apple.
In the meantime, users can contact Apple if they have concerns about an app they've already purchased, or report scam apps if they see them, by using the iTunes Connect Contact Us form. (Select "Feedback and Concerns" and "Report a Fraud Concern".) It's also worth informing less savvy friends of this scamming trend until something is done to eradicate it.
Top Rated Comments
(View all)But an antivirus should not be in the App Store to begin with.
Doesn't really reflect well on Apple IMO - the whole purpose of the walled garden is that it's safer than the wild west approach of Google and that should include protecting people from getting scammed
I can't remember the last time I even downloaded an app from the App Store never mind paying for any in app purchases.
There's plenty of useful paid apps, and plenty of quality fun paid games, even with IAPs. your generalization is quite pointless.Hope people wise up to this.
No doubt more can and should be done by Apple when it comes to policing such scams, but shouldn't the victims bear some degree of the blame as well? The terms and conditions are right there in front of them, and nobody is twisting their arm into making a purchase.
You might have a point if a legitimate service was being offered here. In this case, the service being advertised is non-existant. It's fraud.