$80k/month App Store Scam

716 points by amima 8 years ago | 195 comments

blhack 8 years ago |

This is particularly annoying while my beta is "waiting for review" so I can have the privilege of giving it to a few beta testers.

How does apple not expect that annoying developers with their app store process (so much so that things like this exist: https://fastlane.tools/), AND charging them 30% AND apparently not actually reviewing anything about the apps making it into their store isn't going to eventually drive people away from it?

(Why yes, I am cranky over the amount of hoops I had to jump through to get to the point of asking apple for permission to put my beta on my co-founder's iPhone)

joeld42 8 years ago | |

You can use HockeyApp (https://hockeyapp.net/) or just get your friend's UDID and build an IPA yourself to distribute the build to your friend's device, even if he or she is remote.

Testflight is more intended for "semi-open" betas where you only have tester's email.

bananaboy 8 years ago | | |

You can also do "internal testing" with TestFlight. That way the app is available immediately to any team members and doesn't have to go through review. You have to add the team members somewhere in the portal, but it would make sense for a co-founder to be in there.

st3fan 8 years ago | | |

get your friend's UDID - yes, you can, but there is a 100 device limit. you can reset that list once a year. it is meant for your team, not for testers.

blhack 8 years ago | | |

Thank you!

white-flame 8 years ago | |

> How does apple not expect that annoying developers ... isn't going to eventually drive [them] away from it?

Apple can dump on developers all they want. As long as they have a consumer base who is more loose with their app spending money than Android users, and a more consistent platform to develop on, developers will stick with iOS just as much as they have. The devs may complain more, but Apple's market is simply more profitable to be in.

tdeck 8 years ago | |

Your comment has been noted by Apple, and your app sent to the back of the queue.

SyneRyder 8 years ago | | |

I know your comment is a joke, but from Apple's official App Store Review Guidelines (in the introduction):

"If you run to the press and trash us, it never helps."

https://developer.apple.com/app-store/review/guidelines/2016...

Entangled 8 years ago | |

I've always said that's stupidly annoying stopping me from installing apps on my own phone or on my relatives and friends as long as I do it manually using an USB cable. Also stopping beta apps from running after a week. My macOS apps run forever and I develop dozens of apps for personal use.

robbiep 8 years ago | | |

It's 60 days now?

bmdashw 8 years ago | |

Off-topic, but I think the idea is to have someone like your co-founder be an internal tester—no review required!

blhack 8 years ago | | |

That's totally helpful, thank you!

Cpoll 8 years ago | |

> isn't going to eventually drive people away from it?

It's wishful thinking - most mobile developers can't afford to say no to abuse from their primary revenue stream.

idibidiartists 8 years ago | |

Use Expo.io ... if you're building in React Native, Expo is the easiest way to distribute apps (even on the Web with Snack)

acover 8 years ago | | |

Expo.io appears to be about the build process. The app still needs to be submitted to the apple store.

htormey 8 years ago | | |

I love expo to bits but their are many React Native scenarios where it’s not going to work.

One example would be if an app uses third party libraries that rely on native code. Now on the surface this might sound like an exotic requirement but consider that most mobile apis for third party services will probably wrap objective c or Java code.

An example of this came up for a friend who was building a github app. He had to eject from expo because the github mobile api wasn’t included in expo and required native code for authentication.

blunte 8 years ago |

#1 - Apple has a quarter of a trillion dollars in cash. You would think they could afford intelligent, reasonable app review teams. Clearly they don't bother, based on the complaints from honest developers and evidence of pure scams like this.

#2 - Average computer/phone users are willfully ignorant. I would say stupid, but that's a judgement call (even though I think it's true). Someone with knowledge can advise them, but they cannot be bothered with all that fuss. They'd rather ignore sound advice and push buttons. After all, look at the who runs the country and the complacence of many of its people.

Have you ever had a friend who was a lawyer? Did you ever get some traffic ticket and think, "Hey, I'll ask Bob if he can help me handle this!"? I'm guilty of this once in a while. But "average users" are guilty of doing this to technical people all the fucking time. And when we advise them of behaviors to change to avoid future incidents, they nod and agree, but then repeat the stupid behavior later.

Sorry for the rant, but perhaps it's time to just start replying to scammed/screwed users with, "Oh wow, that's really unfortunate. I guess you'll have to go buy a new phone/computer." Maybe that will jar them into actually using their brains.

* Edit for wine-related typos.

notadoc 8 years ago |

How does garbage like this get through the App Store? I thought Apple was notoriously strict on approvals?

Also, do people still use the App Store? I don't think I have casually browsed for apps in 5 years or more.

chatmasta 8 years ago |

These App Store ads are the Wild West right now. I've seen multiple cases where I search an exact app name, and that app's competitor has the top "spot" due to buying an ad. It's like if you searched for Uber and saw an ad for Lyft above it.

How long will apple allow this? At the very least it should be impossible to bid on trademarked terms, and no ad should ever outrank an exact match result.

_pmf_ 8 years ago |

One thing of note: the spelling errors are deliberate to let only the most gullible people through to the last step (improving the odds that the person in question will not know how to report this as a scam or initiate a chargeback). The same tactics are used by ads on porn sites[0].

[0] Or so I have heard ... from a friend

slig 8 years ago | |

There's a paper from Microsoft IIRC explaining this behavior. I'm on mobile right now, otherwise I'd find it and link it here.

fgandiya 8 years ago | | |

This one https://www.microsoft.com/en-us/research/publication/why-do-...

prodmerc 8 years ago | |

Similar thing with long sales pages. Reader doesn't know exactly what he wants, isn't convinced, but with a lot of filler mumbo jumbo and some images, maybe a video, you can get them to buy on the spot.

pthreads 8 years ago | |

Interesting! I was wondering what the reason was. My first instinct was to assume the developer just used Google Translate or something like that and perhaps not being an English speaker was bad at spelling too. But based on your comment I am not intrigued with the possibility of it being a deliberate tactic.

kennydude 8 years ago |

Some keywords need to return help topics instead. If you search "virus scanner", Apple should tell users their device really doesn't need one

thirdsun 8 years ago | |

I like the idea. A friendly banner that says "Did you know that your iPhone really doesn't need Antivirus apps? Learn more..." is a nice way to educate the user.

Nevertheless garbage apps like the one described here have no place in the App Store and should not be available at all.

tyingq 8 years ago | |

In hindsight, this seems obvious, and a great idea. Are there any "banned search keywords" now, or is it completely unrestricted? I'm curious if there's just no mechanism for this at all, or if they just aren't using it when they should.

kennydude 8 years ago | | |

I don't think there is, or I haven't come across any

dandare 8 years ago | |

One could argue to the contrary; The existence (and apparent success) of scam apps like this is a clear evidence your iPhone could use a 3rd party "virus scanner" - one that would protect you from malicious "virus scanners" :p

kennydude 8 years ago | | |

Can they even work? It depends if iOS provides a public API for getting a list of installed apps

downandout 8 years ago |

There has got to be more to this story. People would refute accidental purchases of $400/mo. Perhaps these guys are using tech support scams etc to drive traffic to this thing, or they're simply using stolen credit card numbers to setup Apple App Store accounts. Perhaps that's why the spelling and layout is so bad...it's possible that they don't intend anybody outside of themselves to actually use it.

ceejayoz 8 years ago | |

> There has got to be more to this story. People would refute accidental purchases of $400/mo.

There are plenty of folks out there who pay little to no attention to what's being billed on their cards.

As an example: http://www.nbcnews.com/id/14838642/ns/technology_and_science...

gagege 8 years ago | | |

Poor lady. It sounds like she may have been fully aware of what she was paying, she just never did any research to find out that she was overpaying by about 500x. Which, is almost as bad as never looking at your bank statements.

codedokode 8 years ago | |

I agree, that looks suspicious. Why people would need adware removal on iPhone when there is no malware in the first place? And judging by app design it doesn't look like its developer cares about conversion.

zrth 8 years ago | |

You could even force people on the street to subscribe to the app instead of mugging them. This solved the problem that more and more people are cashless. Also you don't have to worry about selling contraband.

rco8786 8 years ago | |

> it's possible that they don't intend anybody outside of themselves to actually use it.

Then why run the ads?

htormey 8 years ago |

wow, I'm pretty pissed off by this. One of my clients is a medical marijuana startup and we have had to jump through so many hoops to stay compliant with Apple's random app store rules. We have been rejected on several occasions and pulled from the app store.

I also had another app that was accepted into the app store then when I pushed an update release I was informed that my logo had to change because it used Apple's camera emoji. I only did this because another popular app did the same thing (down for lunch). In order to stay compliant, I had to change my logo.

I'm fine with said rules existing as in theory they are meant to protect lay customers from junk like this. How on earth did this thing make it through a review process that's so hard on some apps?

I wish Apple would apply it's rules and vetting with more consistency.

tyingq 8 years ago |

I was under the impression that the approval process for the app store was somewhat rigorous.

How did this app get through that?

valuearb 8 years ago | |

Apple is rigorous (I've been rejected close to 20 times). But app review is also hard, especially when there is a flood of new app submissions every week, day and hour. Validating that an app does what it says it does isn't really what App Review is for. Most of my rejections were for how I described a feature, not how a feature worked.

Also there are ways to defeat App Review. Geo-fencing, time-boxing, etc so your illegal code never runs during review.

notadoc 8 years ago | | |

Shouldn't it be a giant red flag to a reviewer when the app is focused on an entirely fictional premise?

If the app was claiming to grow a dinosaur in your backyard after you pay $400/mo would it be treated any different?

bananaboy 8 years ago | | |

Are they really that rigorous? We just submitted our first game to the app store and they bounced us for two reasons, which were both because they hadn't seemed to pay attention to the game.

We have some text on a button that says "PACK 2 / EARN 50 STARS / OR BUY $1.49" (over three lines) which I thought was pretty clear: earn 50 stars in game to get the pack or use real money (the game teaches you about earning stars as you play) . They assumed that clicking on the button and spending real money would GIVE the player 50 stars so I suspect they didn't play the game at all and just went straight to the IAP screen.

The second thing they said was that there was no restore purchases button (which is a requirement if you have IAPs). Well, there is a restore purchases button in the credits screen, they just didn't explore the user interface (but somehow they found the IAP screen).

So they seem to do a very cursory look at submissions.

kuon 8 years ago |

This kind of things make me wonder why I am honest and poor (I mean not rich to the millions, I am not actually "poor"). I could do scams like this and be rich by the minute...

morganvachon 8 years ago | |

You said it yourself: You're honest. Take pride in that and keep being you.

I have just enough knowledge and just enough free time to maybe pull off one of these kinds of scams, but two things stop me: One, I have to look at myself in the mirror every day, and two, even if I set my morals aside, given my luck, I'd be the one Apple finally decides to make an example out of and sends the feds to my doorstep.

smnscu 8 years ago | | |

> given my luck, I'd be the one Apple finally decides to make an example out of and sends the feds to my doorstep

This usually has more to do with honest people not being good/experienced at being criminals, rather than luck.

pcunite 8 years ago | |

Honestly can very much mean making less. The rich are not often associated with "giving" but rather "taking".

codedokode 8 years ago | | |

Too much honesty can hurt your business if you are doing sales or negotiations.

rcarrigan87 8 years ago | |

Scamming ends up being just as much work and hustle as doing it the right/honest way...

akcreek 8 years ago |

How are chargebacks handled on the App store? I would assume a scam like this will receive a relatively enormous number of chargebacks.

Merad 8 years ago | |

I'm willing to bet that this is some kind of money laundering operation, a way to pull funds from stolen credit cards, or perhaps a way for "tech support" type scammers to get payment from their victims. Perhaps all of they above. I know some extremely technology illiterate people, but I can't think of any of them who would willingly pay $400 a month for "virus protection."

thirdsun 8 years ago | | |

> but I can't think of any of them who would willingly pay $400 a month for "virus protection."

Not willingly and probably not a full month, but I could imagine that some users accidentally subscribe to the $100 "trial" period - it really is just a quick Touch ID press away. The price and charge frequency is listed in a small font size for a brief moment before you press that button. I guess many users will stop that subscriptions once the first charge is done...and they are able to find the subscription options buried deep in the iOS settings app. Considering how essential subscriptions are these days I find it troubling that managing them is such a well hidden feature in iOS.

bartread 8 years ago | |

I was thinking a similar thing. How many people wouldn't notice being $400/month down? Also, don't Apple email people receipts for subscription payments as for one off purchases?

I mean, I'm sure there will be a few who don't notice, but it seems likely that chargebacks would be through the roof.

LoSboccacc 8 years ago | |

they will threaten to close your account if you chargeback too much.

jtbayly 8 years ago | | |

I tried to get a refund from Apple once, for a fraudulent app, but I never heard back. So I disputed the charge with Visa. I thought I'd solved the problem until Apple locked me out of the app store. The only way to get back to installing apps (even free ones) on my phone, if I remember right, was to use a new credit card.

Later on I did successfully get a refund for being charged twice for the same content when I bought it again on a family-shared device. Free tip: in-app purchases apparently aren't sharable to the family.

prodmerc 8 years ago | | |

Amazing.

tinus_hn 8 years ago |

I don't understand why such an obvious scam works; Apple keeps the money for a while so they should be able to cancel the developer account and refund all users.

valuearb 8 years ago | |

There is a 35-60 day lag time in getting paid. If you started scamming May 1st, you wont' be getting paid until the first week in July for your May scam sales, so there is the potential in freezing the account.

I found a scam competitor once and reported it to Apple and they pulled it just before the payment day so I'm hoping he never got paid.

maaaats 8 years ago | |

Apple earns 30% per scammed user and let the app pass through review. The implication is obvious.

vacri 8 years ago | | |

The whole point of the App store and Apple's bragging about it was that you were in a walled garden, and shit like this didn't happen. It's in their own interest not to kill their golden goose by allowing this kind of scam in their garden.

quesera 8 years ago | | |

...the implication is asinine.

sumedh 8 years ago | |

Someone needs to report the scam and then wait for Apple to do their review. If nobody reports it, the scammer makes a lot of money till that time.

tyingq 8 years ago | | |

There does seem to be some opportunity to inject common sense in there though. How common, for example, is a $100/week in-app purchase? Seems like there's some threshold that should kick off a review automatically.

mathiasben 8 years ago | | |

Are we to assume that NOBODY has reported this in the two months it's been in the app store?

endgame 8 years ago |

At what point do you say "no, the app store experiment has failed" and give users control of their own devices?

Never, I guess.

amelius 8 years ago | |

We need an extension of net neutrality (app neutrality?)

chipperyman573 8 years ago | |

Once Apple stops making money. At 30% for every transaction, this won't happen any time soon.

meric 8 years ago |

Looks like many of the keywords you can buy Ads for are underpriced. To advertise for a keyword you need to build can "relevant" to that keyword. It takes time for legitimate app developers to build apps to take advantage of those keywords. Until then, the underpricing of ads is taken advantage of by these "scammers" who build costly non-functional apps and recycle the earnings into buying ads for them.

Dylan16807 8 years ago | |

That won't fix anything. When a scammer is successfully charging 50 times as much as a legitimate app, they can outbid any real ad.

balladeer 8 years ago |

And I thought Apple vets the apps (and from what I heard even betas and upgrades/updates too?) before letting it go live on the App Store.

As a long time Android user (and no I wans't happy for most parts; and I wanted to taste the iOS waters both as an user and a mobile dev) who recently moved to an iPhone SE I feel really disappointed.

ge96 8 years ago |

Haha I thought this was a how to guide initially as a "good entrepreneur" mind you good to me is subjective, or is it personal. Money is money right? I can't ask my clients to pay me so I obvs don't support that.

Nice into the rabbit hole though, should see how bad it gets with VMs.

mark_edward 8 years ago | |

Are you saying you're a scammer? I'm having a hard time understanding this comment

ge96 8 years ago | | |

No I'm not a scammer. I can't even ask my clients to pay me. Most recently these people got a big SEO audit pdf and I'm the poor bastard that has to do it for no pay hahaha. They're like "alright so... all these urls and how the db/pages work? Rewrite them..." and I'm pretty sure I'd break a good part of it, just because of how expansive the site is. (I'll decline at least on this part as it's beyond me, like being asked to integrate a PayPal recurring API payment thing)

Nah they're like my second best client ever but it's still I don't get paid hourly/"a reasonable fixed price" so no in short form, I have no self respect.

I was scammed once (at least), it was a site that said "Sell your ideas for money!" hahaha, I "sold my ideas" For a non-refundable fee of $99 and this also overdrew my bank account.

^^ That reinforces my original thought, I could build a similar "legit looking site" throw a payment system on there and get some poor schmuck like myself to fall for it and pay. Good job on me who built that site for say $17.00 and some time.

edit: I was scammed by this lady (beat up looking face) and this guy, her "son" or whatever... they were asking for gas but insisted I give it to them in cash (at the gas station). Yeah I'm pretty stupid.

fright 8 years ago |

While it's frustrating if taken at face value, Sensor Tower's numbers aren't totally valid. They get the number for a few of my apps really wrong. The download stats are more or less true, but the revenue can be way off.

jitbit 8 years ago |

Yeah.

And Apple just rejected my app because it has a 'register free trial' link. Which is actually free, actually a trial, no CC info asked, no in-app purchase.

Their response was "if you offering something - you should be using in-app purchases".

Oh. OK.

hellofunk 8 years ago |

When I read stuff like this I really lose faith in the human race.

chinathrow 8 years ago | |

That's my current feeling looking at the Bitcoin price chart.

whyagaindavid 8 years ago |

Does nobody from apple read hn? How does one recommend iPhone to NGOs, privacy activists, other vulnerable people?

LoSboccacc 8 years ago |

yeah app store quality has dropped to google play levels to the point that one of ios last, actual, concrete advantage for non technical users is becoming moot.

microcolonel 8 years ago | |

The Mac App Store seems to have been considerably worse than the Google Play store since inception. I think that the iOS app store is just coming down to the level of the Mac App Store: barely suitable for distributing Apple's own applications.

derefr 8 years ago | | |

They've built an entirely-new store that's shipping with iOS 11, apparently. Might fix a few things.

prodmerc 8 years ago |

> I’ve also never clicked on a Google Ad.

I've never done it, either. I clearly remember the only few times I clicked on AdSense ads - once by mistake, and was extremely annoyed at the results (it was a sort of list like search results), and 2-3 times to test my own AdSense ads (yeah, against ToS).

Yet AdSense is raking in billions. I've always wondered who actually clicks on the ads :D

giarc 8 years ago | |

If you are on HackerNews, you probably aren't the typical internet user. I bet my 60 year old mom clicks on tons of ads without even knowing it.

ashark 8 years ago | |

> Yet AdSense is raking in billions. I've always wondered who actually clicks on the ads :D

A lot of users have a really poor sense of what all the stuff on their screen is. Google started putting ads inline with search results for a reason. Well, reasons, rather, all of them fairly "evil", but that was one of them.

floatboth 8 years ago | |

Bots click ads. And people paid to click ads :D

roywiggins 8 years ago | |

The scummy DOWNLOAD NOW ads that end up on legit software download pages has got to snag more than a handful of people. They're big shiny buttons with tiny (actually an ad) disclaimers.

microcolonel 8 years ago |

You know, it's sad that people are eager to pay Apple nearly a thousand dollars for a phone, buy an iCloud subscription to go with it, and maybe buy a MacBook (Pro?); and then content that after all of that money changes hands, Apple still wants to fill 80% of your screen with an advertisement. Then, if it wasn't bad enough, they don't vet the advertised applications for basic legitimacy (meanwhile legitimate apps frequently get caught up in endless nitpicking at submission).

I get why people do it, but it's sad that they do.

wayn3 8 years ago | |

im really happy with my macbook.

its reasonably powerful, doesnt make any noise, has an SSD and is a unix system without any of the linux haggling.

paying 1k extra for not having to deal with shit was really worth it for me. certainly made sense from a quality of life perspective.

and im anything but an apple fanboy.

lordvon 8 years ago |

I get the feeling that companies like Amazon and Apple purposefully try to hide as much as possible/tolerable the fact that you are subscribed to something (specifically, Apple apps and Amazon's Audible). I've spent tens if not hundreds of dollars towards subscriptions I didn't even know I had, and I'm afraid this might account for a shocking amount of revenue, as this article suggests. Microsoft on the other hand seems to let you know when you are going to charged again (I've experienced this with my office license subscription).

draw_down 8 years ago |

There's no way that a huge portion of the blame for this is not Apple's. Some of the ways they run the App Store were pretty silly starting out, and now just outright ridiculous.

Little distinction between ads and search results? No filtering or approval for ads? Scammy $100/week subscriptions for nothing? Meanwhile you're not allowed to make fun of the presidents elbows or whatever. Come on.

kuroguro 8 years ago |

Brilliant! Wish I would have thought of that xD

timwaagh 8 years ago |

finally i can be rich too! too bad i am not an ios dev. these apps are made by people from 'nam. i doubt you could do this in a civilized country without getting sued into the ground though.