SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow1984
iOS apps used Touch ID feature to trick users into paying hefty fees
Apple's App Store has given the boot to two highly rated apps that abused the iOS Touch ID feature in an attempt to swindle users out of sums of more than $100, users on Reddit reported over the weekend.
The offending "Fitness Balance app" and "Calories Tracker app" promised to calculate body mass index, monitor calorie intake, and provide other health-related services. With no advanced warning, according to Reddit posts here and here, the apps charged users fees of $99.99, $119, or 139 Euros, depending on the country of the user. Users who had a credit or debit card connected to their Apple account were immediately billed.
The scam worked by displaying a message as soon as the app was opened. It told users to scan their fingerprint to view a calorie tracker or receive another personal service. When users complied, the apps displayed a popup window that said they had been charged a fee. Less than two seconds later, the popup disappeared, but by then it was too late for many users. Anyone with a card linked to their Apple account was already charged.
(Score: 3, Informative) by Anonymous Coward on Friday December 07 2018, @12:33AM (1 child)
They didn't control the prompt, what happened is that the prompt only requires one's finger be scanned, and the apps tricked users into putting their finger in-place for scanning prior to prompting, so the prompt was blown right through before they had time to read it and remove their finger.
Damned silly design, but a more understandable mistake than what I assumed.
(Score: 4, Interesting) by boltronics on Friday December 07 2018, @02:19AM
Easily avoidable if Apple tracked a finger down event on pop-ups to see if a finger was already pressing down when the button is shown, and if so then have it require a second tap to register. I don't use Apple devices, but I'm shocked Apple hasn't got touch right.
It's GNU/Linux dammit!