ALERT! – Touch ID Scam Apps – ALERT!
Posing as health assistants these malicious apps are urging users to use the Touch ID before they show certain features such as a calorie counter, a heart rate measurement, or other seemingly legitimate function. However, once you scan your fingerprint the apps quickly shows an in-app purchase pop-up then quickly dims the screen so you can’t see the prompt. The app then charges you from $90 to $120. Even if you refuse to use Touch ID to enable a feature the app asks you to tap to continue and leading the user to another the in-app payment scam instead.
According to Stephen Cobb senior security researcher at ESET, “As soon as you put your finger on there, it starts scanning, so it’s ready and acting very quickly. Someone cleverly figured out they could use the way the Touch ID is implemented to get people to do things that they don’t want to do.”
The apps in question, innocently named “Heart Rate Monitor,” “Fitness Balance app,” and “Calories Tracker app,” have been removed from the App Store. It’s unknown if the suspect apps came from separate developers or someone operating multiple developer accounts. Regardless, the perpetrator did not use malware but instead applied knowledge of how people use Touch ID.
What makes this scam so dangerous is that Touch ID is used for more than just unlocking your iPhone. Touch ID is used for Apple Pay and for authentication on various apps. The function is quick and effortless meaning the user won’t think twice about using it when an app asks them to. Touch ID has no secondary confirmation when you do put your finger on the home button. The scammer knew this.