Apple’s Touch ID had been taken advantage of recently by several iOS applications to scam iOS users. The apps trick users to use their Touch IDs in fitness-tracking apps while the apps are actually using the Touch IDs to authorise payments.
According to WeLiveSecurity, the apps known as “Fitness Balance” and “Calories Tracker” claims to be able to calculate BMI, track daily calorie intake or remind users to drink more water. When the app was first launched, users will be asked to scan their fingerprints to view their personal calories tracker and diet recommendation but when they actually scan their fingerprints, there will be a sudden pop-up of payment that will then be authorised since the Touch IDs were being used. If users refuse the fingerprint scanning, another pop-up appears to prompt users to continue and the pop-up payment procedure with Touch ID repeats again.
Some users were charged $99.99, some $119.99, and many have complaint to App Store and emailed the developer himself. However, users received the same response from the developer that said he will “fix” the issue, and it’s clear now that it’s just part of the scam. In addition, the developer is smart enough to create fake reviews and ratings that led to the success in manipulating some iOS users to download the apps.
However, Apple has since removed both apps from App Store so that the apps will steal more money from other users. It is unsure how many users have been conned by the developer, but they can try to ask for a refund from Apple and hopefully Apple will be able to get the developer to refund all the victims.