Scam app hunter / developer Kosta Eleftheriou, known for catching violent scams that make it past Apple’s review process, has once again drawn attention to a new harvest of shady apps sold through the App Store. This time, they’re on the Mac, and they’re using pop-ups that make it extremely difficult to quit an app without agreeing to outrageous subscription prices – all without Apple noticing it, despite its argument that its App Review process keeps devices and users safe.
The app that started the hunt, which seems to have been discovered by Edoardo Vacchi, is called My Metronome. According to Vacchi, Eleftheriou and user reviews, the app locks and will not let you quit using keyboard shortcuts or the menu bar until you accept a $ 9.99 per month subscription. (It may, however, be forced interruption.) Eleftheriou told The edge that it “appears that this developer has experimented with different techniques over the years to prevent people from closing the payment wall,” and points us to several other apps that are still in the store with similar behavior – we’ll get to them about a moment.
Once after Eleftheriou tweeted to My Metronome, the app was apparently removed from the store. An attempt to open the link pops up with a message that it is no longer available in my region. (Though, to be clear, you should probably not try to download it or any of the apps we’re talking about.) Apple did not respond The edge‘s request for comment on whether it was the one that should remove the app or how it passed the App Review in the first place.
However, the story does not end there. As developer Jeff Johnson discovered, the company that created the metronome app, Music Paradise, LLC, is connected to another App Store developer, Groove Vibes. The privacy policies listed on both developers’ websites (which are linked to on their App Store pages) state that they are registered at the same address and both mention the same legal entity, Akadem GmbH.
The edge decided to test these apps ourselves, so we launched the Mac App Store and downloaded Music Paradise’s second app, Music Paradise Player, along with Groove Vibes’ entire catalog of Mac apps. Everyone had an instant pop-up asking for money in the form of a recurring subscription (usually around $ 10 a month, give or take a few dollars). Three of Groove Vibes’ apps worked correctly – you could exit them with the menu bar or by pressing Command + Q.
However, two apps from the developer, along with Music Paradise Player, downplayed the exit option on the menu bar, not letting you press the regular red close button. Keyboard shortcuts did not help either; they remained open even though I spammed Command + Q, Command + W and the escape button.
Apps do not completely lock you out of your computer like the ransomware that often gets in the news as there are other ways to shut them down even if you do not know how to force the termination. Music Paradise Player has an “X” button on the offer screen, and when you tap it, the subscription screen disappears and you can quit the app normally. The FX Tool Box has a small “Maybe Later” button that does the same thing. All To MP3 Converter has a similar “just let me into the app so I can close it”, but it is by far the worst perpetrator when it comes to hiding it. It is a piece of text that says “continue with the limited edition,” located between other pieces of text, with no clear sign that it is in fact a link.
But the fact that an experienced user could close these apps should the need arise does not excuse their existence in the store. In theory, the App Review should have tried them and rejected them for violating Apple’s guidelines. It’s frustrating to see these apps slip through Apple’s network when there are plenty of other examples where developers get confused for seemingly arbitrary reasons (or even just to follow Apple’s example).
But Apple has let lots of other scammers apps that openly break their rules slip through. Eleftheriou has previously discovered an iPhone app that does not work unless you give it a good review, as well as games for kids that turned into actual gambling apps when opened from a particular country. The company has updated its policies in an attempt to make the construction of scammers apps less appealing, but it falls down on actually enforcing these rules.
At the same time, Apple continues to argue that iPhone owners should only be able to install apps from their store so they can scrutinize the software. The company is strongly opposed to legislation that would force it to allow page loading or installation of apps from other sources, saying the lack of an App Store monopoly would expose users to all sorts of scams and malware. (When we checked last year, the App Review team only had 500 people tasked with making sure that every app in the store following the rules.)
What makes things worse, in the case of the apps we tested today, is that there is no obvious way to report them from the Mac App Store. Apple added the “Report a problem” button to the App Store on iOS and said it would be in Monterey, but my Mac is fully updated and I can’t find it anywhere. I able to report apps by going to reportaproblem.apple.com, logging in to my Apple account and reviewing the process there, but it’s honestly not something most people will do.