Apple’s still not catching scammy apps, and this time they’re on the Mac
Source: https://www.theverge.com/2022/4/15/23027363/apple-scammy-apps-mac-app-store-moderation

Scam app hunter / developer Kosta Eleftheriou, known for catching egregious scams that make it past Apple’s review process, has once again brought attention to a new crop of shady apps being peddled through the App Store. This time they’re on the Mac, and they’re using pop-ups that make it extremely difficult to quit an app without agreeing to outrageous subscription prices — all without Apple noticing, despite its argument that its App Review process keeps devices and users safe.

The app that started the hunt, which seems to have been discovered by Edoardo Vacchi, is called My Metronome. According to Vacchi, Eleftheriou, and user reviews, the app locks up and won’t let you quit it using keyboard shortcuts or the menu bar until you agree to a $9.99-a-month subscription. (It can, however, be force quit.) Eleftheriou told The Verge that it “seems like this developer has experimented with various techniques over the years of preventing people from closing the paywall,” pointing us to several other apps that are still on the store with similar behavior — we’ll get to those in a moment.

Sometime after Eleftheriou tweeted about My Metronome, the app was seemingly removed from the store. Trying to open the link pops up with a message saying that it’s no longer available in my region. (Though, to be clear, you probably shouldn't try to download it or any of the apps we’re about to talk about.) Apple didn’t respond to The Verge’s request for comment about whether it was the one to take the app down, or how it passed App Review in the first place.

The story doesn’t end there though. As developer Jeff Johnson discovered, the company that made the metronome app, Music Paradise, LLC, has a connection to another App Store developer, Groove Vibes. The privacy policies listed on both developers’ websites (which are linked on their App Store pages) say they’re registered at the same address, and both mention the same legal entity, Akadem GmbH.

The Verge decided to test these apps ourselves, so we fired up the Mac App Store and downloaded Music Paradise’s other app, Music Paradise Player, along with Groove Vibes’ entire catalogue of Mac apps. All of them had an immediate pop-up asking for money in the form of a recurring subscription (usually around the $10-a-month price point, give or take a few bucks). Three of Groove Vibes’ apps worked appropriately — you could quit them with the menu bar, or by pressing Command+Q.

However, two apps from the developer, along with Music Paradise Player, greyed out the quit option on the menu bar, and don’t let you press the standard red close button. Keyboard shortcuts were no help either; they stayed open even while I spammed Command+Q, Command+W, and the escape button.

An app should not be able to do this as soon as you open it.

The apps don’t totally lock you out of your computer like the ransomware that often makes the news, as there are other ways to close them even if you don’t know how to force quit. Music Paradise Player has an “X” button on its offer screen, and once you press it the subscription screen goes away and you can quit the app normally. FX Tool Box has a small “Maybe Later” button that does the same thing. All To MP3 Convertor has a similar “just let me into the app so I can close it” button, but it is by far the worst offender when it comes to hiding it. It’s a piece of text that says “continue with the limited edition,” nestled between other pieces of text, without any obvious sign that it’s actually a link.

The button that lets you quit All To MP3 Convertor is about as non-obvious as possible without literally being invisible.

But the fact that a savvy user could close these apps, if need be, doesn’t excuse their existence on the store. In theory, App Review should’ve tried them out and rejected them for violating Apple’s guidelines. It’s frustrating to see these apps slip through Apple’s net when there are plenty of other examples where developers get dinged for seemingly arbitrary reasons (or even just for following Apple’s example).

But Apple has let plenty of other scammy apps that flagrantly break its rules slip through the cracks. Eleftheriou previously discovered an iPhone app that won’t work unless you give it a good review, as well as games for kids that turned into actual gambling apps when opened from a certain country. The company has updated its policies in an attempt to make building scammy apps less appealing, but it’s falling down on actually enforcing those rules.

At the same time, Apple continues to argue that iPhone owners should only be able to install apps from its store, so it can scrutinize the software. The company vehemently opposes legislation that would force it to allow sideloading, or installing apps from other sources, saying that the lack of an App Store monopoly would subject users to all sorts of scams and malware. (When we checked last year, the App Review team only had 500 people, who are charged with the Herculean task of making sure that every app on the store follows the rules.)

There is a way to let Apple know about misbehaving apps. Last year, Apple added a “Report a Problem” button to the App Store on both iOS and macOS, which shows up near the bottom of the page after you’ve downloaded an app.

Correction April 16th 1:14PM ET: The original version of this article incorrectly stated that the report button wasn’t available in the Mac App Store. The report button is available in macOS, but only appears after you’ve downloaded an app. We regret the error.



Source: https://www.theverge.com/2022/4/15/23027363/apple-scammy-apps-mac-app-store-moderation

Leave a Reply

Your email address will not be published. Required fields are marked *