It all starts with a harmless notification flashing on the screen of an Apple iPhone instructing them to put their thumb for a couple of seconds to avail of a free download for a fitness tracker that can compute one's BMI, calorie intake among other health information that a health-conscious Apple user may want to know.
Malicious Fitness Apps
However, Apple users are reacting negatively and have posted bad reviews on Reddit claiming that iOS tricked them and had, in fact, swindled money from users who linked their credit cards to their iPhone without their permission.
'Fitness Balance app' and 'Calories Tracker' app charges $99.99 and $229 (or €139.99 depending on the user's country) respectively after the curious users provides their fingerprint to access information about their health, a report claimed.
The users are then redirected to another popup window after having managed to open the app through their fingerprints. Too late though, the popup window then informed them that they are have to pay the sum.
App Would Only Open Using Fingerprint Scans
The app does not give any other choice nor a free trial for users, and the only way to unlock it is to let one's fingerprint be identified on the phone's TouchID sensor. Users have trouble starting the two apps and are then redirected to the same finger-scanning interface until the user would finally give in to his/her curiosity or simply uninstall the app for good, a report said.
High User Rating
Despite the scam, the apps receives a high user rating online. The reviews, however, should not be trusted. Such reviews are fake and are only a ploy by scammers to promote and improve their products' reputation online, Lukas Stefanko, a mobile security researcher for ESET antivirus provider said.
He further advises users to be more critical of the reviews online before installing an app.
To date, Fitness Balance app has garnered an average rating of 4.3 stars from users said to be in connivance with the scam.
That's just scary! Is that even legal?" said in an online forum.
"Idk but they deserve legal punishment," another user commented.
Apple has since removed the two money-swindling apps from the iOS apps and assured users to give their money back. The affected user has to report the incident to Apple App store staff and request for a refund expected to be completed in the next 30 days. Steps of the refund procedures can be found on the support page of the official Apple app store.