Apple’s $64 billion-a-year App Store isn’t catching the most egregious scams

Recently, I reached out to the most profitable company in the world to ask a series of basic questions. I wanted to understand: how is a single man making the entire Apple App Store review team look silly? Particularly now that Apple’s in the fight of its life, both in the courts and in Congress later today, to prove its App Store is a well-run system that keeps users safe instead of a monopoly that needs to be broken up.

That man’s name is Kosta Eleftheriou, and over the past few months, he’s made a convincing case that Apple is either uninterested or incompetent at stopping multimillion-dollar scams in its own App Store. He’s repeatedly found scam apps that prey on ordinary iPhone and iPad owners by luring them into a “free trial” of an app with seemingly thousands of fake 5-star reviews, only to charge them outrageous sums of money for a recurring subscription that many don’t understand how to cancel. “It’s a situation that most communities are blind to because of how Apple is essentially brainwashing people into believing the App Store is a trusted place,” he tells The Verge.

There’s a lot to unpack there: fake free trials, fake reviews, subscription awareness. We could write an entire story about each. Today, I’d like to focus on how one guy could find what Apple’s $64-billion-a-year App Store apparently cannot, because the answer is remarkable.

You simply look at the apps that are making the most money. Then, you find ones where the user reviews are suspicious and look for ridiculously high subscription prices.

That’s it. There’s no step four. Eleftheriou tells us this is how he started finding these scams, but you don’t need to be a coder to figure it out.

Heck, let’s try it together right now.

While Apple doesn’t share “top grossing” charts for the App Store any more (that seems to have died with the introduction of iOS 11 in 2017), companies like SensorTower still publicly share that data. All you have to do is pick an app category — say, Business — and click through the results.

Here’s “Call Recorder iCall,” the #26 top-grossing app in the Business category on the day I checked. As you can see below, “Charlier Brown” says he’s 100 percent satisfied and there’s a 3-day free trial, so what do we have to lose other than… $9.99 a week? Hooo boy.

“Charlier Brown” thinks you’ll like this call recorder app
Screenshot by Sean Hollister / The Verge

Users of the app tend to complain they can’t figure out how to cancel that $520 a year subscription — and that the app often stops recording after just a handful of seconds. Yet somehow it’s got a 4.5-star rating on the App Store. And fake reviews clearly have something to do with it. Here are a few that app data firm SensorTower recently archived:

No real downside by Leena Hayes

The app is free and is very versatile. Obviously if you are more into working out it may not be the best (there are high lv’s so it can be difficult) but for what it offers you it’s fantastic

Best at home at I’ve found by Darren Gorham

Ive tried various at home apps to use in between the gym and none of them are as easy to use. The workouts are effective and I love the tracking it provides along with caloric counts and timing

No equipment needed by Rosalba Noble

If you want to feel better about yourself & not join a gym, highly recommend this app as it gets you motivated to bigger as in more reps – not weights. I think its great to use your own body weight to get that burning workout

Call Recorder iCall is clearly not an exercise app, but that doesn’t seem to have stopped these “reviewers” from trying.

Now, let’s try the #8 top-grossing app in the Utilities category: “Roku Remote Control – Roki,” which seems a little suspicious when you consider that Roku gives away its own official remote control app for free. Here are a few choice one-star reviews:

Taking my money by 804user

I paid for the $19.99, but I am still being charged each month and still have yet to hear back from any type of customer SERVICE….BEWARE!!!

Didn’t work by lawstudent1989

And now I can’t cancel my subscription in the app it and I’m worried it’s just a farce to get my credit card info.

Not impressed by FallenWish

So originally I had this app on my android and it was free but now we have to pay for it? Like we don’t already dole out 300 dollars or more for the tvs There is just no winning

And here’s the first screen you’ll see after downloading:

This Roku remote looks like such a good deal.
Screenshot by Sean Hollister / The Verge

How could an app like this possibly have a 4.5-star rating in the App Store? Well, it wouldn’t if you actually averaged out each written review: Apple’s “4.5” counts every disembodied rating where someone punched in a number of stars, even if that was just to dismiss an annoying pop-up so they could try the app. As Eleftheriou tells me (pointing to his tweet, which I’ve embedded below), Roki would have had a rating of just 1.7 stars if you only counted reviews.
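The three-step check described earlier (start from the top earners, compare the displayed rating against the written reviews, annualize the subscription price) can be written as a short triage script. This is an added example, not code from The Verge or from Eleftheriou; the app records are constructed placeholders and both thresholds are assumptions.

```python
from statistics import mean

# Assumed thresholds for illustration; the article gives no cut-off values.
RATING_GAP = 1.5          # displayed rating minus mean of written reviews
ANNUAL_PRICE_USD = 200.0  # annualized subscription cost worth a manual look

# Constructed sample records; names and figures are placeholders.
APPS = [
    {"name": "call-recorder-sample", "monthly_revenue": 120_000,
     "displayed_rating": 4.5, "weekly_price": 9.99,
     "written_stars": [1, 1, 2, 1, 5, 1, 1, 2, 1, 1]},
    {"name": "notes-sample", "monthly_revenue": 80_000,
     "displayed_rating": 4.6, "weekly_price": 0.99,
     "written_stars": [5, 4, 5, 4, 5]},
    {"name": "remote-sample", "monthly_revenue": 60_000,
     "displayed_rating": 4.5, "weekly_price": 4.99,
     "written_stars": [1, 2, 1, 3, 1, 2, 2, 1, 2, 2]},
    {"name": "low-earner-sample", "monthly_revenue": 500,
     "displayed_rating": 4.8, "weekly_price": 9.99,
     "written_stars": [1, 1]},
]

def annual_cost(weekly_price):
    """Weekly subscription price expressed as a yearly charge."""
    return round(weekly_price * 52, 2)

def triage(apps, top_n=3):
    """Rank by revenue, then flag rating gaps and high annualized prices."""
    ranked = sorted(apps, key=lambda a: a["monthly_revenue"], reverse=True)
    findings = []
    for app in ranked[:top_n]:
        reasons = []
        stars = app["written_stars"]
        # Star-only ratings inflate the displayed score; written reviews may not.
        if stars and app["displayed_rating"] - mean(stars) >= RATING_GAP:
            reasons.append(f"shown {app['displayed_rating']}, "
                           f"written reviews average {mean(stars):.1f}")
        yearly = annual_cost(app["weekly_price"])
        if yearly >= ANNUAL_PRICE_USD:
            reasons.append(f"${app['weekly_price']}/week is ${yearly}/year")
        if reasons:
            findings.append({"name": app["name"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage(APPS):
        print(finding["name"], "->", "; ".join(finding["reasons"]))
```

A flag here is only a prompt for human review: a low written-review average can also come from a buggy but honest app.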

Here’s the kicker: Eleftheriou called out this app’s behavior two months ago, and yet it still exists in the App Store today. It’s not clear why, but it brings me to another important point. Even when people point out these shady apps, Apple doesn’t necessarily take action — and as Eleftheriou pointed out to me during our conversation, The Verge has some direct experience there.

On February 8th, we brought a bunch of these scams to Apple’s attention with this story, which prominently embedded a tweet by Eleftheriou about another scammy app called “Star Gazer+”.

Apple didn’t remove that app for two whole months, and won’t tell us the reasons for the delay. On the record, Apple would only provide this statement for our story:

“We designed and built the App Store to be a safe and trusted place for our users, and are constantly improving our processes to reduce fraud, malware and spam. To provide our users with the best experience, we regularly reject and remove apps, as well as fraudulent ratings and reviews, resulting in millions of removals every year. We intend to keep at this important work to ensure users can confidently download the apps they love and developers continue to make the App Store a great business opportunity.”

Star Gazer+ finally disappeared on April 8th, after Apple was approached by another journalist who publicly asked why it was taking so long. (It also happened to be the day Epic Games drew attention to some of these scams in a legal filing, though we’re not sure either is the true reason.) And while it appears that its publisher Dragon Game Studio has been booted off the App Store in the process, Apple appears to have overlooked its other publisher account for co-founder Jonas Johnsson, whose current claim to fame — no joke — is a “Ghost Detector+” with a $5/week recurring subscription fee.

Johnsson’s also got an $8/week horoscope app, and I’m sorry, this juxtaposition of angry reviews and a 4.5 score makes me laugh:

Seems like a bit of a mismatch here, Apple?
Screenshot by Sean Hollister / The Verge

While it’s impossible for us to tell how many of the horoscope app’s 32,000 star-only ratings are fake, Eleftheriou says Apple should have no problem with that. “When you consider refund request rates, app usage, and other associated info that only Apple has, you could imagine a totally revamped discovery system that does away with the current crude star-rating system that hasn’t seen any innovation since Bezos pioneered it 20 years ago,” he suggests.

During my hunt for scam apps, I also noticed that some reviewers of these shady apps complain that developers are asking them for money a second time, even though they already purchased full premium access, and Eleftheriou says it sadly appears to be a theme: “A lot of scammers go and buy successful apps from people, and all they need to do is take that skeleton, make minor modifications and make a lot of money,” he says.

To get a sense of just how much money these scams are bilking out of people, here are some comparisons Eleftheriou made when he spotted a VPN app scam last week, one that Apple was remarkably quick to shut down (after a number of other journalists and I reached out to Apple about the painfully obvious scam):

But it’s only “quick” if you ignore that Apple didn’t stop the scammers for six whole months, even though they caught the exact same developer doing the exact same thing months before:

You would think Apple would keep these off the App Store, right? And if not then it would at least root them out, catch the scam artists, and keep them from doing it again. Yet that doesn’t seem to be happening. While Apple currently makes an estimated $64 billion a year from its App Store and tells The Verge it has computer automation, proprietary review tools, huge volumes of internal data, and a dedicated “Discovery Fraud team” of humans at its disposal, a single person on a laptop in his living room is finding egregious scams that Apple continues to host, and I was able to use his basic technique to do the same thing. As Apple faces down hearings in Congress and lawsuits in court, its argument that it needs to maintain total control over the iPhone app ecosystem to keep users safe doesn’t mesh with the obvious examples of grift that anyone can easily find.

Here’s another scam Eleftheriou spotted (I highly recommend this whole thread):

And another:

And another. (If you find some, too, Eleftheriou would love to hear from you at bunco.squad@hey.com.)

Eleftheriou tells me that Apple has removed over 100 apps due to his reports — and if you’re wondering whether his online crusade is personal, the answer is most definitely yes. He began digging for scams after his own app FlickType, a keyboard for Apple Watch, was overtaken by scam apps that didn’t work and charged ludicrous fees, yet prospered due to fake reviews. What’s more, he claims Apple gave his competitors (and scammers) a leg up by refusing to initially approve his app — because Apple was hoping to acquire it from him at a cheap price instead. Last month, he filed a lawsuit against Apple for two years of lost revenue and other damages. So he’s absolutely got skin in the game.

But I don’t think that lessens the impact of his Twitter threads about where, precisely, Apple’s App Store is falling down on the job. The fake review situation seems bad. So do the difficult-to-cancel recurring subscriptions. While I like to think most Verge readers will see the fine print and know how to cancel, and Apple’s been getting better about mandated warnings, the bewildered reviews on these apps are a sign that many iPhone and iPad users are still having trouble.

Eleftheriou suggests to me that the kind of users who might be most vulnerable to these scams are experiencing a kind of perfect storm: “They get virus pop-ups in Safari, they’re directed to the App Store and think the app is recommended by Apple, they download the app thinking it’ll help them, it’s got the perfect ratings, and they’re not savvy enough to know.”

He shares a chart with me (from AppFigures, see below) about how long it can take for vulnerable users to turn off recurring subscriptions: “Only half will have figured out how to cancel it two months later. The other half still hasn’t figured it out after 8 whole weekly billing cycles,” he says.

“Only half will have figured out how to cancel it two months later.”
Chart by AppFigures

Situations like these make it harder than ever for Apple to justify its constant rhetoric about how the App Store is safe, secure, and defended, or that it’s necessary for Apple to be solely in charge, something that has already been in question for years due to the company’s arbitrary enforcement of its rules and recent App Store cash grabs.

And we’re starting to hear from Apple insiders, too, that the company’s claims about App Store security are overblown. Eric Friedman, the head of the company’s Fraud Engineering Algorithms and Risk (FEAR) team, will be testifying in next month’s Epic Games trial. In a recent deposition he spoke of the App Review team as “bringing a plastic butter knife to a gun fight” and “more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog.” His team reportedly believed App Review’s job was incentivized to get apps “through the pipe” and “move people through” like TSA employees. “App Reviewers typically review between 50 to 100 apps per day,” reads part of Epic Games’ filing.

Other App Store executives deposed for the Epic Games trial admitted that they were aware of a number of the types of scams we’re discussing today, including ringtone apps that reportedly raked in hundreds of thousands of dollars a month despite users warning against them — start at page 170 here (PDF) for examples.

“Apple likes to tie the App Store together with the system level protections, and bundle them together as the reason why the distribution is secure, but really it’s the system-level protections that are doing all the work,” says Eleftheriou.

Meanwhile, Apple’s former senior director of worldwide marketing (and noted tech analyst) Michael Gartenberg praised Eleftheriou’s recent efforts to highlight scams, suggesting that the Apple ecosystem is “breaking at the seams.”

But the thing I’m stuck on is how the most profitable company in the world, a company that has long justified a 30-percent cut of the App Store’s billions because of its App Review efforts, a company with multiple enforcement teams and access to internal data, isn’t doing the simple task of auditing the App Store’s top-grossing apps for fraud.

It’s not a novel idea: Daring Fireball’s John Gruber suggested it in December 2018, and again in 2019, and again in 2020.

But though Apple claims “the apps we offer are held to the highest standards for privacy, security, and content,” and that “moderators review worldwide App Store charts for quality and accuracy” every single day, it doesn’t seem to have taken this simple step.

Apple would not tell me why one man is continuing to find egregious apps that Apple’s fraud and app review teams are missing, or whether it goes back to inspect the App Store’s most lucrative apps for fraud. The company would not say how it protects customers against fake reviews, or whether any customers that fell for these scams will get refunds, or how it plans to combat scams in the future.

Apple did say generically that it does offer the ability to request refunds; that it does re-review apps against its App Store guidelines; and that it has improved its subscription processes both by 1) requiring app developers to clearly display what customers are getting into and how to cancel, and 2) prompting users to “manage” their subscription at the time they delete an app.

By the way: you know that app that John Gruber helped draw attention to in 2019, the one that reportedly charged $10 every week for wallpaper you could find free online? It’s still on the App Store. Never got removed.

It currently has a 4.1 rating, despite countless negative reviews, and SensorTower estimates the app still makes its developer $10,000 a month.

https://www.theverge.com/2021/4/21/22385859/apple-app-store-scams-fraud-review-enforcement-top-grossing-kosta-eleftheriou