Prior to WWDC last week, Apple highlighted that it has now paid developers over $70 billion through the App Store, with $21 billion of that occurring the last year. A new post on Medium from Johnny Lin, however, highlights that not all of that $70 billion is necessarily legitimate…

The post outlines that some “developers” are taking advantage of Apple’s in-app purchase feature, combined with App Store search ads, to game users into subscribing to illegitimate services. This includes apps such as virus scanners, password generators, and VPN apps.

The app in question, according to Sensor Tower data, brings in around $80,000 per month in revenue, despite the fact that it offers users essentially no services and makes that money by scamming them into subscription service.

I scrolled down the list in the Productivity category and saw apps from well-known companies like Dropbox, Evernote, and Microsoft. That was to be expected. But what’s this? The #10 Top Grossing Productivity app (as of June 7th, 2017) was an app called “Mobile protection :Clean & Security VPN”.

“Full Virus, Malware scanner”: What? I’m pretty sure it’s impossible for any app to scan my iPhone for viruses or malware, since third party apps are sandboxed to their own data, but let’s keep reading…

“You will pay $99.99 for a 7-day subscription”

Buried on the third line in a paragraph of text in small font, iOS casually tells me that laying my finger on the home button means I agree to start a $100 subscription.

As for how developers are gaining such traction with seemingly fake apps, Lin explains that many are manipulating App Store search ads to do so. Currently, Apple doesn’t have a filtering or approval process for search ads.

In as few words as possible, here’s what these developers are doing:

Turns out, scammers are abusing Apple’s relatively new and immature App Store Search Ads product. They’re taking advantage of the fact that there’s no filtering or approval process for ads, and that ads look almost indistinguishable from real results, and some ads take up the entire search result’s first page.

Later, I dug deeper to find that unfortunately, thesearen’tisolatedincidents — they’re fairly common in the app store’s top grossing lists. And this isn’t just happening with security related keywords. It seems like scammers are bidding on many other keywords.

  • Offering apps such as virus scanners and password managers
  • Free download with in-app purchase for outrageously expensive prices
  • Gaming search ads to be at the top of common search queries such as “virus scanner”
  • Offering users virus scanning services for $99/week
  • Profit $80,000 per month or $960,000 per year for seemingly doing nothing

We’ve reached out to Apple for comment on this practice. Ideally, iOS 11 will include search ad improvements to prevent such practices as these, while there’s also the question of how these ads made it through the App Store approval process in the first place. Currently, search ads are not live in iOS 11, which could hint at future improvements.

It suddenly made a lot of sense how this app generates $80,000 a month. At $400/month per subscriber, it only needs to scam 200 people to make $80,000/month, or $960,000 a year. Of that amount, Apple takes 30%, or $288,000 — from just this one app.

Either way, for developers who have little to no sense of morality, this represents a pretty easy way to make a quick million.