Apple hosts millions of apps on the App Store, calling the platform a "safe and trusted" place to discover apps. While mainly true, Apple has come under criticism for hosting many different scam apps on the platform, some even raking in millions in revenue.
In February, developer Kosta Elefherious highlighted how many of his own apps, including the popular Apple Watch keyboard, FlickType, gets blatantly copied on the App Store. Eleftheriou says that copies of his apps can trick Apple's App Store algorithm into giving it prominence by fake ratings and five-star reviews.
Now, Eleftheriou has highlighted yet another scam app on the App Store. This time Eleftheriou is shining a light on how one scam app called "Privacy Assitant: StringVPN" uses Apple's in-app purchasing system to trick people into purchasing either a weekly, monthly, or yearly subscription for a fake VPN service.
The scam app promises to offer a "full-featured" and "safe" VPN experience, but that's not the case. The app has a total of 104 reviews and a 3.5/5 rating at the time of writing. The majority of reviews praise the app as being "perfect" and say it offers "the best experience ever." The masses of fake reviews posted by the developer tricks Apple's App Store algorithm into boosting its appearance in search results, making it easier for other users to discover and download the app.
However, there are real reviews posted by users scammed by the app in the barrage of fake reviews. One user says the app tricked them into purchasing its yearly $89.99 subscription without the option to chose weekly or monthly, and notes how the app looks like a legitimate VPN app.
They did not show the different payment options for weekly or monthly. Yearly was the only option. I'm reporting to Apple to get a refund. There is no way to contact them directly, and there are no reviews when I did a Google search on this App... It tries to look like a "strongVPN" app, which has many positive reviews.
Other legitimate App Store reviews describe an experience in which they received a pop-up in Safari encouraging them to download the app, only for the app to scam them into purchasing its expensive "subscription."
ITS A SCAM!!!!! IF YOU GOT A SECURITY ALERT THROUGH SAFARI ITS A SCAM!!!! DO NOT UNDER ANY CIRCUMSTANCES PUT YOUR INFO IN THIS APP!!!! THERE IS A REASON YOU CANT CANCEL YOUR SUBSCRIPTIONS!!!!!
Was charged for app from a pop up. Could not find a way to contact and request refund. Had to contact apple and report it. Was told I would be refunded. Still waiting for the refund. Will be reporting them over and over again!
As Eleftheriou notes, the app is grossing around $1 million per month by scamming users, and is even ranked #32 at the time of writing in the App Store's Utilities category.
There are other alarm bells, such as the fact that the app's website is blank, and the developer lists a fake email with a fake domain provider for its "privacy contact." In a previously issued statement, Apple said it does not "tolerate fraudulent activity on the App Store" and that it will work hard to put in place "stringent rules against apps and developers who attempt to cheat the system."
Apple's in-app purchasing system, the center of this scamming tactic, has come under increased scrutiny recently. The criticism has come mainly from Epic Games, who are taking into question the fact that for every purchase made inside of an app, Apple takes a 30% commission from the revenue. In this case, even with the fake VPN app, Apple is earning a profit, at the expense of scammed users.
