Fraudulent app hunter/developer Kosta Eleftheriou, known for spotting egregious scams that exceed Apple’s review process, has once again drawn attention to a new generation of shady apps being sold through the App Store. This time they’re on the Mac and use pop-ups that make it extremely difficult to quit an app without accepting exorbitant subscription prices – all without Apple noticing, despite its argument that its app review process apps keeps devices and users safe.
The app that started the hunt, which appears to have been discovered by Edoardo Vacchi, is called My Metronome. According to Vacchi, Eleftheriou and user reviews, the app locks itself and does not allow you to exit it using hotkeys or the menu bar until you accept a 9.99 subscription $ per month. (He can, however, be forced to quit.) Eleftheriou said The edge that it “seems this developer has experimented with various techniques over the years to prevent people from shutting down the paywall”, pointing us to several other apps that are still on the store with similar behavior – we’ll get to that in a bit.
Some time after Eleftheriou tweeted about My Metronome, the app has apparently been removed from the store. Trying to open the link appears with a message that it is no longer available in my region. (Although, to be clear, you probably shouldn’t try to download it or any of the apps we’re going to talk about.) Apple hasn’t responded to The edgeasking for feedback on whether he was the one who removed the app or how it passed the app review in the first place.
The story does not end there however. As developer Jeff Johnson discovered, the company that created the metronome app, Music Paradise, LLC, has a connection with fellow App Store developer Groove Vibes. The privacy policies listed on both developers’ websites (which are linked on their App Store pages) state that they are registered at the same address and both mention the same legal entity, Akadem GmbH.
The edge decided to test these apps ourselves, so we hit up the Mac App Store and downloaded Music Paradise’s other app, Music Paradise Player, as well as Groove Vibes’ full catalog of Mac apps. All of them had an immediate pop-up asking for money in the form of a recurring subscription (usually around the price of $10 per month, give or take a few dollars). Three of Groove Vibes’ apps worked decently – you can quit them with the menu bar or by pressing Command+Q.
However, two apps from the developer, along with Music Paradise Player, have grayed out the Exit option in the menu bar and won’t allow you to press the standard red close button. Keyboard shortcuts were no help either; they stayed open even while I spammed Command+Q, Command+W, and the escape button.
Apps don’t completely block you from accessing your computer like the ransomware that often makes headlines, because there are other ways to close them even if you don’t know how to force stop them. Music Paradise Player has an “X” button on its offer screen, and once you tap it, the subscription screen disappears and you can exit the app as normal. FX Tool Box has a little “Maybe Later” button that does the same thing. All To MP3 Converter has a similar “let me enter the app so I can close” button, but it’s by far the worst offender when it comes to hiding it. It’s a piece of text that says “continue with the limited edition”, nestled between other pieces of text, with no obvious signs that it’s actually a link.
But the fact that a savvy user can close these applications, if need be, does not excuse their existence on the store. In theory, App Review should have tried them and rejected them for violating Apple’s guidelines. It’s frustrating to see these apps slipping through Apple’s network when there are many other examples of developers getting bitten. for apparently arbitrary reasons (or even just to follow Apple’s example).
But Apple has let many other fraudulent apps that blatantly violate its rules slip through the cracks. Eleftheriou has already discovered an iPhone application that will only work if you give it a good review, as well as children’s games that have turned into real game applications when opened from a certain country. The company has updated its policies in an attempt to make creating fraudulent apps less appealing, but it fails to enforce those rules.
At the same time, Apple continues to argue that iPhone owners should only be able to install apps from its store, so it can review the software. The company vehemently opposes legislation that would force it to allow apps to be sideloaded or installed from other sources, saying the lack of a monopoly on the App Store would expose users to all kinds of abuse. kinds of scams and malware. (When we checked last year, the App Review team was just 500 people, tasked with the Herculean task of making sure every app on the store follow the rules.)
Worse still, in the case of the apps we tested today, there’s no obvious way to report them from the Mac App Store. Apple added a “Report a problem” button to the app store on iOS and said it would be in Monterey, but my Mac is fully up to date and I can’t find it anywhere. I can report apps by going to reportaproblem.apple.com, logging into my apple account, and following the process there, but frankly, that’s not something most people are going to do.