All technology, and anything related to the internet, has its setbacks from time to time. Most Apple fans think that Apple has minimal or no vulnerabilities. However, the truth is that the App Store is far from secure. Apple may have strict rules for the App Store, but this does not mean that the App Store is impenetrable.
A developer named Kosta Eleftheriou has recently exposed a popular malicious app on the App Store. This app has all the characteristics of a malicious app, yet it has been in the App Store for about four years.
The malicious app, named “AmpME – Speaker & Music Sync”, claims that it can increase the volume of music you play by “syncing it with all of your friends' phones, Bluetooth speakers, desktops, and laptops for FREE”. According to the popular service AppAnnie, the application has about 100,000 downloads, with over 50,000 reviews and a 4.3-star rating.
These statistics are impressive, and some Apple apps do not have them. However, behind the blistering statistics lies the scam. AmpME shows a couple of traits characteristic of a scam app.
Let's look at and understand the scam characteristics of this app.
1. The app comes with an auto-renewing USD 40/month subscription, which will translate to a massive USD 520 a year. The outrageous bill is not all: the main scam pointer is that the subscription is very easy to sign up for but almost impossible to cancel.
2. The app's review trend is another major red flag. We see huge spikes in positive reviews, with most of the positive reviews coming from people whose names are not pronounceable.
This is typical of paid review services.
Here is another shocker: the Apple App Store has been featuring AmpME and “make millions”. Ironically, Apple's taglines for the App Store say: “The apps you love. From a place you can trust. Every day, moderators review worldwide App Store chars for quality and accuracy (sic).”
This casts a huge shadow on Apple App Store security and on the review process, which we now understand is not as effective as we all think.
A few hours after the report hit the web, Eleftheriou posted a new update on Twitter. The post has the tag “update: app went poof”. We guess it took a Twitter thread for Apple to identify a scam app that has been sitting comfortably on its Store for four years.