App Scams: Sneaky 'Utility' Apps Are Stealing $260, $2500, or even $4700 Each Year ... Per User

This article is more than 5 years old.

Update October 18: Apple has pulled most of these scammy apps from the App Store.

An obscure app that reads bar codes is scamming hundreds of App Store users by automatically initiating an expensive $156 per year subscription. And there are dozens more like it, with some charging users thousands of dollars each month for extremely minimal functionality.

App scams are nothing new.

Last summer Apple deleted an app scamming $80,000/month from iOS users. At the time, Apple promised to pay closer attention to subscription apps to prevent similar schemes in the future. Clearly, however, some are still slipping through.

The TinyLab app has a very tricky and potentially scammy flow to subscription payments.

John Koetsier

"TinyLab's QR Code Reader is tricking users into a high $156 per year subscription and is currently the top 218 grossing app on the U.S. App Store," says Julie Plumb, an iPhone owner who contacted me after seeing my above-linked app scam article. "Going through the list they seem to be one of the highest developers in the Grossing charts making money from this type of subscription trap scam. I would suspect they have earned millions of dollars in revenue."

I tried it myself, and the flow is very clear:

  1. Download the app
  2. Open it
  3. Click the big "start" button (this has small, hard-to-read pricing information, but even though I was testing the app and forewarned, I missed it)
  4. Instantly be taken to an Apple payments confirmation screen: free for three days, and then $3.99/week in perpetuity.

The flow is smart and sneaky. It's carefully designed to have you "agree" to the charges without having any intention of paying, as Plumb shows in a video:

"Users open the app and quickly tap a 'Start' button or 'Continue' button on the first page," she told me via email. "Unfortunately this loads the Apple payment prompt instead of starting the free app as most users would expect. Users then panic and press the home screen to exit the app - unfortunately on fingerprint devices this makes payment or signs up for the free trial."

Needless to say, $4/week for a very, very, very simple barcode-scanning device is completely ridiculous. $156/year borders on criminal.

The ultimate indignity is the sneaky path to getting you to pay, using the very functionality on your phone that you're trying to use to escape.

Perhaps even worse, as Plumb shows in her video (embedded above), the App Store description is intentionally misleading, showing a price which seems to be a one-time payment but is in actuality a weekly-recurring charge.

It seems to be working.

According to App Annie, TinyLab QR Code Reader is currently 235th on the top-grossing iOS app list. That's ahead of official apps from major international organizations such as the UFC and the PGA, as well as well-known games like The Sims. Duolingo, a well-known international language training tool with a large user base, is #241, while NBA Live Mobile Basketball, by Electronic Arts, is #265.

And it's not the only scammy app.

Plumb identified another 18 apps that seem to follow a similar model: simple functionality that most people would assume would be free or cheap, and expensive -- in some cases hugely expensive -- subscriptions.

  • Weather (5th Grossing in Weather) $4.99 a week - $260 a year
  • BINANCE Crypto: Widget - $169.99 a year
  • Crazy Ringtones (4th Grossing Utilities) $49.99 a week - $2600 a year
  • ArmorVPN (5th Grossing Utilities) $9.99 a week - $520 a year
  • Spark Wallpaper & Background (7th Grossing Utilities) $4.99 a week - $260 a year
  • Phanced (8th Grossing Utilities) $12.99 a week - $675 a year
  • Color Call-Theme Screen (12th Grossing Utilities) $49.99 a week - $2600 a year
  • WebTranslator for Safari (13th Grossing Utilities) $89.99 a week - $4680 a year
    (note: no longer available, Apple has likely deleted it)
  • Life Tricks Ace (14th Grossing Utilities) $59.99 a week - $3120 a year
  • QR Scanner and Barcode Scanner (19th Grossing Utilities) $49.99 a year
  • WhatsIt (22nd Grossing Utilities) $19.99 a month - $240 a year
  • Color Your Call (4th Grossing in Productivity) $12.99 a week - $675 a year
  • S Video Maker (18th Grossing Productivity) $79.99 a year
  • Turto Tests (42nd Grossing Productivity) $19.99 a month - $240 a year
  • Pics Lock (55th Grossing Productivity) $69.99 a week - $3640 a year
  • Color Call App (85th Grossing Productivity) $9.99 a week - $520 a year
  • BrainPump (99th Grossing Productivity) $21.99 a month - $260 a year

Some of these might be legitimate, but all are expensive. And many have bad reviews:

"I was on safari and it said that it was gonna delete all my pictures unless I downloaded this app and I got it realized it costed money and then deleted the app and it charged my mom for over $100 even though I unsubscribed," one person commented on the Binance app above, which does not appear to be related to the cryptocurrency company of the same name.

Comment scamming is common among illegitimate apps, and Plumb says the same is true for TinyLab's QR Code Reader app.

"You can see in the past 90 days they have had 1,000+ 1-star reviews on the App Store," Plumb says. "From their reviews it seems to have been going on all the way back to January 2018."

And yet the app currently has an App Store rating of 4.6.

This is generally only possible with a massive number of artificially-high fake reviews. Here's just one example:

"Staff is fun and friendly, sports on the beach volleyball and tug of war cast Dave is a good guy," is the default first visible comment from a 5-star review currently on the App Store listing page for QR Code Reader.

That is clearly a word-salad comment from an automated system designed to create fake comments, and has nothing whatsoever to do with the actual app functionality.

At some point, Plumb says, Apple has to do something to stop these kinds of abuses. Clearly, the company is trying to stem the tide, as WebTranslator for Safari is no longer available on the App Store.

In fact, its guidelines for subscriptions emphasize clear language and simple, straightforward processes:

"Provide prompts to subscribe in your app’s onboarding, and consider providing a persistent subscription button throughout the app interface," Apple's developer instructions say. "When communicating your subscriptions in your app and marketing materials, use clear, consistent messaging to make it easy for users to recognize the value of the offer. Include the value proposition of your subscription, a succinct call to action, and clear pricing and subscription terms."

But there's some room for improvement, surely.

"I think the developers are deliberately exploiting all these key steps [in the subscription process]," she told me. "I am struggling to understand how these apps are still in the App Store and scamming millions of innocent customers. I think it is really unfair. Surely no-one wants to pay $260 or $156 a year for a simple Weather app or QR Code Reader app when they are both built into the iOS for free."

The problem affects legitimate app developers as well.

They have to compete for users in an environment where the fraudsters are making millions for very little effort. That's challenging, to put it mildly.

Even worse, when people are cheated, they're less likely to shell out for legitimate purchases from honest companies.

"Sinister developers using unscrupulous techniques — to monetize, redirect or otherwise betray the trust of users — are a headache for everyone in the app ecosystem," says Eric Seufert, head of platform at mobile games publisher N3twork. "These disreputable developers make life harder for honest actors by poisoning the well of user trust and making users more reticent to engage with all apps. Imagine how difficult it is for the user to trust the app store when they have been tricked into a bogus subscription in the past."

I have asked Apple PR for a comment and will update this story with any response.
