Apple’s still not catching scammy apps, and this time they’re on the Mac

Scam app hunter / developer Kosta Eleftheriou, known for catching egregious scams that make it past Apple’s review process, has once again brought attention to a new crop of shady apps being peddled through the App Store. This time they’re on the Mac, and they’re using pop-ups that make it extremely difficult to quit an app without agreeing to outrageous subscription prices — all without Apple noticing, despite its argument that its App Review process keeps devices and users safe.

The app that started the hunt, which seems to have been discovered by Edoardo Vacchi, is called My Metronome. According to Vacchi, Eleftheriou, and user reviews, the app locks up and won’t let you quit it using keyboard shortcuts or the menu bar until you agree to a $9.99-a-month subscription. (It can, however, be force quit.) Eleftheriou told The Verge that it “seems like this developer has experimented with various techniques over the years of preventing people from closing the paywall,” pointing us to several other apps that are still on the store with similar behavior — we’ll get to those in a moment.

Sometime after Eleftheriou tweeted about My Metronome, the app was seemingly removed from the store. Trying to open the link pops up with a message saying that it’s no longer available in my region. (Though, to be clear, you probably shouldn’t try to download it or any of the apps we’re about to talk about.) Apple didn’t respond to The Verge’s request for comment about whether it was the one to take the app down, or how it passed App Review in the first place.

The story doesn’t end there though. As developer Jeff Johnson discovered, the company that made the metronome app, Music Paradise, LLC, has a connection to another App Store developer, Groove Vibes. The privacy policies listed on both developers’ websites (which are linked on their App Store pages) say they’re registered at the same address, and both mention the same legal entity, Akadem GmbH.

The Verge decided to test these apps ourselves, so we fired up the Mac App Store and downloaded Music Paradise’s other app, Music Paradise Player, along with Groove Vibes’ entire catalogue of Mac apps. All of them had an immediate pop-up asking for money in the form of a recurring subscription (usually around the $10-a-month price point, give or take a few bucks). Three of Groove Vibes’ apps worked appropriately — you could quit them with the menu bar, or by pressing Command+Q.

However, two apps from the developer, along with Music Paradise Player, greyed out the quit option on the menu bar, and don’t let you press the standard red close button. Keyboard shortcuts were no help either; they stayed open even while I spammed Command+Q, Command+W, and the escape button.

An app should not be able to do this as soon as you open it.

The apps don’t totally lock you out of your computer like the ransomware that often makes the news, as there are other ways to close them even if you don’t know how to force quit. Music Paradise Player has an “X” button on its offer screen, and once you press it the subscription screen goes away and you can quit the app normally. FX Tool Box has a small “Maybe Later” button that does the same thing. All To MP3 Convertor has a similar “just let me into the app so I can close it” button, but it is by far the worst offender when it comes to hiding it. It’s a piece of text that says “continue with the limited edition,” nestled between other pieces of text, without any obvious sign that it’s actually a link.

The button that lets you quit All To MP3 Convertor is about as non-obvious as possible without literally being invisible.

But the fact that a savvy user could close these apps, if need be, doesn’t excuse their existence on the store. In theory, App Review should’ve tried them out and rejected them for violating Apple’s guidelines. It’s frustrating to see these apps slip through Apple’s net when there are plenty of other examples where developers get dinged for seemingly arbitrary reasons (or even just for following Apple’s example).

But Apple has let plenty of other scammy apps that flagrantly break its rules slip through the cracks. Eleftheriou previously discovered an iPhone app that won’t work unless you give it a good review, as well as games for kids that turned into actual gambling apps when opened from a certain country. The company has updated its policies in an attempt to make building scammy apps less appealing, but it’s falling down on actually enforcing those rules.

At the same time, Apple continues to argue that iPhone owners should only be able to install apps from its store, so it can scrutinize the software. The company vehemently opposes legislation that would force it to allow sideloading, or installing apps from other sources, saying that the lack of an App Store monopoly would subject users to all sorts of scams and malware. (When we checked last year, the App Review team only had 500 people, who are charged with the Herculean task of making sure that every app on the store follows the rules.)

Making matters worse, in the case of the apps we tested today, is that there’s no obvious way to report them from the Mac App Store. Apple added a “Report a Problem” button to the App Store on iOS and said it would be in Monterey, but my Mac is fully up to date and I can’t find it anywhere. I can report apps by going to reportaproblem.apple.com, signing into my Apple account, and going through the process there, but quite frankly that’s not something most people are going to do.


Credit: Source link

Comments are closed.