How Apple’s App Store turned into a scammer’s paradise
Apple’s App Store has a problem.
Shady developers are gaming the App Store’s policies and its search ads to get users to download apps that trick them into paying for subscriptions for scam apps.
While there have long been apps from less reputable developers in the App Store, one developer called attention to just how bad the problem has become in recent months.
Johnny Lin, a developer who once worked for Apple, published a lengthy Medium post over the weekend detailing how widespread the problem is. The whole post is really worth the read, but the bottom line is this: by buying a few strategically picked search ads and using a bit of SEO, a shady developer can make tens of thousands of dollars off a garbage app by aggressively pushing users to buy subscriptions.
“It was really eye opening and shocking to see the wrong types of behavior being rewarded like that,” says Lin.
One of the more egregious apps he found was an app named “Mobile protection :Clean & Security VPN” that asked users to pay $99.99 a week for a completely worthless service. The app was making $80,000 a month, according to data from marketing firm Sensor Tower.
Apple removed the app, and several others Lin highlighted, after his post went viral, but the App Store is still rife with shady apps that use subscriptions and misleading descriptions to trick people into spending lots of money on junk apps.
Take this app, called “QR code –,” the 8th most profitable utility app in the App Store, according to Apple. The app, which is just a very basic QR code scanner, aggressively pushes users to agree to a $0.99 weekly or a $4.99 monthly subscription (why the monthly rate costs more than a four-week subscription is beyond me) in order to use the QR code scanner.
Upon launching the app, it forces you to commit to either a free trial or a weekly app subscription before you can scan anything. Putting aside the fact that there are dozens of free alternatives (and Apple plans to add QR code scanning to its camera in iOS 11), a free trial doesn’t sound so bad, right?
Problem is, the way Apple’s app subscriptions work, agreeing to a “free” trial can automatically opt you in to an auto-renewing subscription. If you aren’t paying attention, or don’t quite understand how these subscriptions work, you could easily end up paying for a monthly or weekly fee you never intended.
More people are falling for this than you might think, too. Much like the apps Lin found, “QR code -” is also gaming Apple’s App Store search ads. Search ads ensure it earns the top spot when you search for terms like “qr scanner” or “qr code,” giving it more visibility and, to some, credibility than its legitimate counterparts.
That top spot translates to a lot of downloads, many of which (either knowingly or, more likely, unknowingly) become paying subscribers. The app was released into the App Store on April 10, 2017, and made $30,000 from in-app purchases in May alone, according to data from Sensor Tower. No wonder it’s ranked #8 on Apple’s charts of top grossing utility apps.
Clearly there should be more scrutiny on developers who buy search ads, particularly for specific terms like “virus cleaner” or “antivirus.” (As John Gruber points out, Apple should ban “virus-scanning” apps altogether since iOS’ developer restrictions make them both unnecessary and useless.)
To be fair, search is a new frontier for Apple. Google has spent more than a decade battling people who use spammy methods to game its search engine so some learning curve is to be expected. Still, that less reputable app developers would use these tactics in the first place is both predictable and entirely preventable.
Fixing its subscriptions requires much more than banning some keywords, though. Apple has made efforts to reduce app review times over the last year as part of its bigger efforts to make its App Store more developer-friendly.
App reviews, which used to take days or even weeks, are often now completed in a matter of hours, with the average wait time being one day, according to third-party data from appreviewtimes.com.
Apple has been notoriously opaque about its review process, which has been a source of frustration to many developers over the years. “Developers work so hard and they have to go through the app review process, which for many people is this black hole where you click submit and cross your fingers and hope for the best,” Lin says.
But while few people know the inner workings of the App Store, the fact that so many of these apps made it in suggests it has become much more automated than it previously was. (I have to believe no human reviewer would allow a typo-riddled app with $99.99 weekly subscriptions through.)
Lin also posits one remedy would be for Apple to place more scrutiny on apps that have subscriptions over a certain amount of money as a way of ensuring quality.
Aside from changing its developer policies, Apple could do a lot to improve the usability of in-app subscriptions. Subscriptions are astonishingly easy to opt into via TouchID and exceedingly difficult to cancel (PSA: instructions here). And, if you do fall victim to one of these apps, obtaining a refund is as confusing as canceling your subscription in the first place.
Apple didn’t respond to Mashable’s request for comment on app subscriptions or whether those who had unwittingly paid exorbitant amounts for app subscriptions would get refunds.
That Apple would be reluctant to acknowledge problems with its subscription model is unsurprising, though. Subscriptions have been a boon for Apple, which has set multiple records since it opened up subscriptions to all developers (previously, only certain apps, like music and video streaming, could charge a subscription fee). The move has also been good for developers, who can nab a greater share of subscription revenue than they did with standard in-app purchases.
But the company should put in place more safeguards to prevent these types of developers from tricking users in the first place — or risk losing credibility.