Dodgy apps use Touch ID/Face ID to rip off users | Cult of Mac

Dodgy apps use Touch ID/Face ID to rip off users


Touch ID on iPhone
Don’t let an app ask for your identity with Touch ID or Face ID unless you know what it’s doing.
Photo: Apple

A pair of fitness applications were found to be tricking users into authorizing financial transactions. They have been removed from the App Store, but stand as examples of something to watch out for.

If third-party software asks for you to identify yourself with Touch ID or Face ID, carefully consider whether there’s a good reason before doing so.

The apps were called “Fitness Balance app” and “Calories Tracker app.” They asked the user to scan their finger to view “personal calories tracker and diet recommendations.” But after the user did so, the software would notify them that it was about to make an in-app purchase of $119.99 or €139.99. Obviously, the hope was that people wouldn’t be paying attention and inadvertently authorize the payment.

People did notice, and the scam apps were deleted.

Pay attention when using Face ID and Touch ID

These two bogus applications are gone, but they demonstrate a scam to watch out for. Be cautious whenever a third-party app asks you to identify yourself with Touch ID or Face ID.

There are legitimate reasons for this. Information the user wants kept private can be locked/unlocked with Apple’s biometric security systems. But consider whether this fitness app, game or something else really needs to use Face ID or Touch ID.

An iPhone or iPad with Face ID will identify the user even if you’re not really paying attention. But no financial transaction will take place until the side button is pressed twice. If you’re ever asked to do this, be sure you know why.

And don’t trust the ratings on the App Store. There are dodgy services that will provide positive reviews for a modest price.

Source: welivesecurity