
SoylentNews is people

posted by takyon on Thursday December 06 2018, @11:22PM
from the fingered dept.

Submitted via IRC for SoyCow1984

iOS apps used Touch ID feature to trick users into paying hefty fees

Apple's App Store has given the boot to two highly rated apps that abused the iOS Touch ID feature in an attempt to swindle users out of sums of more than $100, users on Reddit reported over the weekend.

The offending "Fitness Balance app" and "Calories Tracker app" promised to calculate body mass index, monitor calorie intake, and provide other health-related services. With no advance warning, according to Reddit posts here and here, the apps charged users fees of $99.99, $119, or 139 Euros, depending on the country of the user. Users who had a credit or debit card connected to their Apple account were immediately billed.

The scam worked by displaying a message as soon as the app was opened. It told users to scan their fingerprint to view a calorie tracker or receive another personal service. When users complied, the apps displayed a popup window that said they had been charged a fee. Less than two seconds later, the popup disappeared, but by then it was too late for many users. Anyone with a card linked to their Apple account was already charged.


This discussion has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by bob_super on Friday December 07 2018, @12:07AM (15 children)

    by bob_super (1357) on Friday December 07 2018, @12:07AM (#770947)

    Given all the stories of viruses, stray apps like these, and children clicking on popups in games without knowing it costs money, I just have never told any of my Android devices about my credit card. No payment set up, no accidental charges!
    Turns out I never needed a paid-for app (ok, once, but the company got charged and sent an activation code), so it never restricted me.

  • (Score: 3, Informative) by IndigoFreak on Friday December 07 2018, @12:15AM (6 children)

    by IndigoFreak (3415) on Friday December 07 2018, @12:15AM (#770949)

    Even with the same precautions I have been worried. You can 'text' a phone number and get a charge on your phone bill. With all the app permissions that are 'required' for even dumb flashlight apps, they easily can get outgoing SMS rights, and send text messages. I don't see anything that actually stops this from happening.

    • (Score: 5, Informative) by bob_super on Friday December 07 2018, @12:28AM

      by bob_super (1357) on Friday December 07 2018, @12:28AM (#770955)

      Granular permissions on newer Android versions are supposed to prevent unwanted texting or internet access.
      Actually, the Play store got worse and is now hiding the permissions under a sub-page, which means too many people will just not bother to check them (then will click OK on any popup asking anything without reading).

      I also used Noroot Firewall for a while. Prevents basic access to the web from the apps by masquerading as a VPN. It's amazing how many things try to talk to the internet, yet if you don't let them it has no visible impact whatsoever on functionality.

    • (Score: 2) by edIII on Friday December 07 2018, @01:52AM (4 children)

      by edIII (791) on Friday December 07 2018, @01:52AM (#770986)

      I've abandoned Android and am waiting for Purism to finish the first Linux based phone. Same with the tablets. I would use Linux on them before I used Android.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 1, Informative) by Anonymous Coward on Friday December 07 2018, @03:41AM (3 children)

        by Anonymous Coward on Friday December 07 2018, @03:41AM (#771017)

        The webpage at https://puri.sm/products/ might be temporarily down or it may have moved permanently to a new web address.

        It's a pity their website doesn't load on an Android browser

        • (Score: 1) by anubi on Friday December 07 2018, @10:13PM (2 children)

          by anubi (2828) on Friday December 07 2018, @10:13PM (#771318) Journal

          I just loaded your link and it apparently came up fine on my Android BLU phone / Brave browser.

          Thanks for sharing that. I am so frustrated with today's technology over the exact things discussed in these forums.... lack of transparency and doing things behind my back, can't trust it.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 0) by Anonymous Coward on Saturday December 08 2018, @02:10PM

            by Anonymous Coward on Saturday December 08 2018, @02:10PM (#771527)

            I have Sleipnir, Chrome, Firefox, DuckduckGo, Ghostery, Adblocker browsers on my phone. That link only loads in Firefox. I have no idea why.

          • (Score: 1, Informative) by Anonymous Coward on Saturday December 08 2018, @02:19PM

            by Anonymous Coward on Saturday December 08 2018, @02:19PM (#771529)

            Sigh. Yet another software company sending users to an online store instead of providing the installer. The download link for Brave links to:
            https://play.google.com/store/apps/details?id=com.brave.browser&hl=en

            The wording on the link is "Download for Android".

            If they can't even get this right how can they be trusted?

            Look at NordVPN. They have a link for their program on Google and a link to download the apk. Is it that hard?

            https://nordvpn.com/download/

  • (Score: 2) by fyngyrz on Friday December 07 2018, @04:52AM (7 children)

    by fyngyrz (6567) on Friday December 07 2018, @04:52AM (#771033) Journal

    children clicking on popups in games without knowing it costs money

    ...parenting. Need I say more?

    • (Score: 2) by bob_super on Friday December 07 2018, @05:29PM (6 children)

      by bob_super (1357) on Friday December 07 2018, @05:29PM (#771224)

      As illustrated by this example, people trying to get your money are pretty good at making things seem harmless until you get the bill. The people reading SN are more likely to notice the nefarious popup than the general population (though I've seen many engineers clicking popups without reading the error fix painstakingly written on them, grrr), and kids are less likely, even after being warned.
      So far, my kids have avoided the problem (which would have yielded nothing for lack of payment info anyway), but I've seen many times the little games generating a new message in which the button designed to lead you to a micropayment overlaps the restart or "new game" button.
      They're really good at trying to trick you out of your cash, so you have to teach young kids to be paranoid and careful, which is hard when they can barely read.

      • (Score: 3, Insightful) by fyngyrz on Friday December 07 2018, @06:09PM

        by fyngyrz (6567) on Friday December 07 2018, @06:09PM (#771249) Journal

        people trying to get your money are pretty good at making things seem harmless until you get the bill

        ...education. Need I say more?

      • (Score: 3, Informative) by fyngyrz on Friday December 07 2018, @06:22PM (4 children)

        by fyngyrz (6567) on Friday December 07 2018, @06:22PM (#771257) Journal

        people trying to get your money are pretty good at making things seem harmless until you get the bill.

        By "parenting", I meant to imply that if your kids are playing a game you haven't vetted, you're not parenting sufficiently. They're kids. The crux of the idea of being a child is that they aren't yet ready to face the world by themselves.

        If someone wants to just let their kid sink or swim out there, I am deaf to their complaints that they pulled them down with them, financially or otherwise. If their kid is actually savvy enough to deal with everything, well, bravo, they're either insanely lucky or one hell of a good parent. Everyone else? They should be parenting harder. Usually a lot harder. Using phones, tablets and televisions as babysitters or just letting them loose without a care is a sure path to the parent(s)' own education.

        Again, I'm not saying I'm in favor of these malefactors being allowed to deceive and trap. I'm not. But this is the reality we all face, including children, so parents either have to do a good job or there will almost certainly be negative consequences, some of which may be quite severe.

        And parents aren't (well, certainly shouldn't be) kids. So they don't have the excuse of "I wasn't ready." If you're going to spawn, you should be an adult, and you should have your ducks lined up. Otherwise, you're just asking for the government to step in and ruin everyone's day.

        --
        There are three kinds of people; those who can count, and those who can't.

        • (Score: 2) by bob_super on Friday December 07 2018, @06:48PM (3 children)

          by bob_super (1357) on Friday December 07 2018, @06:48PM (#771261)

          Totally agreed.
          To give you an example of why things are complex, Angry Birds was quite harmless when I played it for a while.
          A few months of updates later, I removed it from the tablet, because the amount of advertising had gone totally over the top.

          Like everything in parenting, it's not a teach-and-move-on, but a constant vigilance issue, as the threat evolves and an initial threat assessment is obsolete quicker than our parents ever had to deal with.

          • (Score: 2) by fyngyrz on Friday December 07 2018, @07:25PM (1 child)

            by fyngyrz (6567) on Friday December 07 2018, @07:25PM (#771269) Journal

            I'd like to see a complete ban on clickable/actionable advertising in all contexts that are intended for the use of children.

            If an ad appears in such a context, it would have to be text, image or animation, nothing more.

            That would at least abstract the action one level away, and allow the parent to control the spending. The child's only option would be to ask the parent to do the spending.

            This is one of those areas where I think that actual regulation is called for.

            --
            So you want children: "Daddy, what does Formatting 90% mean?"

            • (Score: 2) by bob_super on Friday December 07 2018, @08:23PM

              by bob_super (1357) on Friday December 07 2018, @08:23PM (#771292)

              But but but ... Mah First Amendment, you socialist librul regulating commie !!!!

          • (Score: 0) by Anonymous Coward on Saturday December 08 2018, @02:22PM

            by Anonymous Coward on Saturday December 08 2018, @02:22PM (#771530)

            Education.
            Always disconnect from wifi/net before launching a mobile game.
            Install a firewall app.