Scam app hunter/developer Kosta Eleftheriou known for catch outrageous scams that made it through Apple’s vetting process has once again drawn attention to a new crop of shady apps peddling the App Store. This time they’re on the Mac, using pop-ups that make it extremely difficult to quit an app without agreeing to outrageous subscription prices — all without Apple noticing, despite its argument that it’s an app review process protects devices and users.
It seems to have been the app that started the hunt discovered by Edoardo Vacchi, is called My Metronome. According to Vacchi, Eleftheriou, and user reviews, the app crashes and won’t let you exit via keyboard shortcuts or the menu bar until you agree to a $9.99 per month subscription. (However, it can be forcibly terminated.) Eleftheriou said The edge that it “seems like this developer has been experimenting with various techniques over the years to prevent people from closing the paywall,” and alerts us to several other apps that are still in the store with similar behavior – us will come back to that in a moment.
Sometime after Eleftheriou tweeted about My MetronomeApparently the app was removed from the store. When trying to open the link, a message appears stating that it is no longer available in my region. (Though, to be clear, you probably shouldn’t be trying to download it or any of the apps we’ll talk about in a moment.) Apple didn’t respond to that The edge‘s request for comment on whether it was whoever shut down the app or how it even passed the app review.
But the story doesn’t end there. As developer Jeff Johnson discovered, the company that developed the metronome app, Music Paradise, LLC, has an affiliation with another App Store developer, Groove Vibes. That privacy guidelines listed on both developers’ websites (which are linked from their App Store pages) state that they are registered at the same address, and both mention the same legal entity, Akadem GmbH.
The edge decided to test these apps ourselves, so we launched the Mac App Store and downloaded Music Paradise’s other app, Music Paradise Player, along with Groove Vibes’ entire catalog of Mac apps. All had an instant pop-up asking for money in the form of a recurring subscription (usually priced at $10 a month, give or take a few bucks). Three of Groove Vibes’ apps worked fine – you could quit them from the menu bar or by pressing Command + Q.
However, two of the developer’s apps, along with Music Paradise Player, have grayed out the exit option in the menu bar and won’t let you press the default red close button. Keyboard shortcuts were no help either; They stayed open even when I spammed Command+Q, Command+W, and the escape key.
The apps don’t lock you completely from your computer like the ransomware that often spreads the messages because there are other ways to close them even if you don’t know how to force quit. Music Paradise Player has an “X” button on its offers screen and once you press it, the subscription screen will disappear and you can exit the app normally. FX Tool Box has a small “Maybe Later” button that does the same thing. All To MP3 Converter has a similar “Just let me in the app so I can close it” button, but it’s by far the worst offender when it comes to hiding it. It’s a piece of text that says “Continue with the limited edition” nested among other pieces of text with no obvious indication that it’s actually a link.
But the fact that a savvy user could close these apps if necessary doesn’t excuse their existence in the store. In theory, App Review should have tried them and rejected them for violating Apple’s policies. It’s frustrating to see these apps slip through Apple’s net when there are many other examples of developers getting hired for seemingly random reasons (or just for along the lines of Apple).
But Apple has allowed many other rogue apps that openly break its rules to slip through the cracks. Eleftheriou previously discovered an iPhone app that won’t work unless you give it a good ratingas well as games for children who became real gambling apps when opened from a specific country. The company has updated its policies in an attempt to make creating rogue apps less attractive, but falls short of actually enforcing these rules.
At the same time Apple argues further that iPhone owners should only be able to install apps from its store so it can scrutinize the software. The company vehemently opposes laws that would force it to allow sideloading or installing apps from other sources, stating that the lack of an app store monopoly would expose users to all manner of fraud and malware. (When we checked last yearthe app review team had just 500 people tasked with the Herculean task of making sure it did every app in the store obey the rules.)
To make matters worse, in the case of the apps we tested today, there’s no obvious way to report them from the Mac App Store. Apple Added “Report a problem” button into the App Store for iOS and said it was in Monterey, but my Mac is up to date and I can’t find it anywhere. I can report apps by going to reportaproblem.apple.comI log into my Apple account and go through the process there, but honestly it’s not something most people will do.
https://www.theverge.com/2022/4/15/23027363/apple-scammy-apps-mac-app-store-moderation Apple still isn’t catching rogue apps, and this time they’re on the Mac