Fitness-tracking apps caught misusing Touch ID to steal money from iPhone users

Reddit users have shined a spotlight on an underhand user interface trick used by certain iOS fitness apps to trick iPhone owners into approving unwanted in-app payments with Touch ID.

As researchers at ESET describe in a blog post, iOS apps called “Fitness Balance” and “Calories Tracker” claim to put you on the course to fitness by helping you calculate your BMI, reminding you to drink water more often, and tracking your calorie intake.

However, the true aim of the apps appears to be to trick unsuspecting users into approving payments of over US $100.

Upon start-up of the apps, users are requested to scan their fingerprint in order to “view their personalized calorie tracker and diet recommendations.”


However, quick as a flash the app pops up an in-app payment dialog asking you to approve a payment of US $99, US $119.99, or €139.99.

Which – of course – means that if your finger is still touching the fingerprint scanner, you’ve probably just approved the payment. Ouch! It’s not your body that’s losing weight, it’s your wallet.


Both “Fitness Balance app” and “Calories Tracker app” have now been removed from the App Store, but questions should be asked as to how Apple’s vetted app store allowed these dodgy apps into their marketplace in the first place.

My guess is that if two apps have tried this scam, there may be others attempting it too.

One defence is to not have a credit or debit card directly connected to your Apple account, but frankly – you’re likely to find that more of a nuisance than it’s worth.

So, if you feel you have been sneakily tricked into making an in-app purchase, your best bet may be to complain to Apple and request a refund.


About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, , and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.
