App Store scammers are using Touch ID tricks to steal money

Reddit users are exposing shady iOS fitness apps that use the Touch ID feature on iPhones and iPads to scam people out of cash. Both "Fitness Balance app" and "Calories Tracker app" were active on the App Store until recently, though Apple appears to have now removed them.

Like their genuine counterparts, they promised to calculate your BMI, track daily calorie intake, or remind you to drink more water. But they also used a cunning, but downright fraudulent, trick tied to to the iOS Touch ID sensor. While asking to secure your personalized diet data by scanning your fingerprint, the apps would display a pop-up showing a payment of $119.99. With just seconds to act, the scam could easily see users inadvertently handing over money from their connected credit or debit cards.

It seems people reported the apps to Apple, which likely led to their removal, though Apple itself hasn't released an official statement on the takedowns. According to WeLiveSecurity, the "Fitness Balance app" had an average rating of 4.3 stars, and received at least 18 mostly positive reviews, which may well have been faked.

In its developer guidelines, Apple forbids apps that "prey on users or attempt to rip-off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app." Developers who break the rules risk being banned forever, warns the company.

Despite Apple's solid track record when it comes to App Store security, the odd shady app has slipped through the cracks. Late last year a fake port of the Xbox game Cuphead made the cut, before being removed. And back in 2012, a fake version of the Game Boy classic Pokemon Yellow also briefly appeared on the App Store.