Now-deleted scam app demanded positive review before it even worked

Posted:
in General Discussion edited June 2
An iOS app that forced users to leave a positive rating before using it managed to get past Apple's App Review process, though it has since been removed from the App Store.

Credit: Apple
Credit: Apple


The app, named UPNP Xtreme, purported to let users stream videos to their TV. However, as soon as the app opens after installation, it demands a review before it even functioned.

As spotted by app developer and anti-scam advocate Kosta Eleftheriou, the app would open a review dialog box as soon as it opened. However, the box couldn't be dismissed without leaving a review that was between three and five stars.

The review: "This app forced me to give it a good rating before I could use it."

You: "Pfff, no one's FORCING you!"

The app: pic.twitter.com/R6ytFAguhU

-- Kosta Eleftheriou (@keleftheriou)


The review behavior directly violates Apple's App Store guidelines, which bar developers from "showing a request review immediately when a user launches your app."

More than that, Apple's review API wouldn't allow developers to force leaving a review, so the developer of the scam app appears to have side-stepped the standard developer tools. In a subsequent tweet, Eleftheriou said the odd functionality was the result of a "trick" that is "extremely easy for any developer to do."

According to Eleftheriou, the developer of the fraudulent app has more than 15 million downloads and reportedly makes millions in revenue.

This isn't the first scam app Eleftheriou has discovered -- the app developer has publicized a slew of scammy apps in the past while vocally criticized Apple's App Review process. Back in March, Eleftheriou sued Apple for allegedly enabling the scam app problem.

Apple's App Review process has been a centerpiece of the Epic Games v. Apple antitrust trial. Tesitmony during the trial revealed a variety of details about the process, including the fact that concerns about scam apps among Apple executives stretch back nearly a decade.

Follow all the details of WWDC 2021 with the comprehensive AppleInsider coverage of the whole week-long event from June 7 through June 11, including details of all the new launches and updates.

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
«1

Comments

  • Reply 1 of 29
    XedXed Posts: 970member
    OwlBundy said:
    Kosta Eleftheriou is such a tool. Like does anyone take this dunce seriously? Apple let other developers make apple watch keyboards and they ended up being far superior to the crap made so he cries fake reviews and tries to get the competion silenced. AI needs to stop giving creedence to this buffoon. 
    I don't know who this guy is, so please explain why this app should force users to give a positive review before it works or why Apple shouldn't be checking for such simple scams in their review process?

    Things will not be bette for consumers if Epic wins the trial, but Apple should absolutely be doing a lot more to protect users.
    edited May 26 dysamoriaronnpscooter63buttesilverFileMakerFellerwatto_cobra
  • Reply 2 of 29
    Yet another proof that most third-party mobile apps are rubbish by default. 
    edited May 26 lkruppHi.Jackwatto_cobra
  • Reply 3 of 29
    neoncatneoncat Posts: 29member
    I noticed there's been a wave of posts very similar to Owl's (similar wording) taking aim at Kosta the individual without addressing the substance of his points on here, 9to5Mac, MacRumors, and reddit, all posted this morning, some not even in reply to specific messages about this app. Looks like he rattled enough doors to make someone angry enough to spend a little money for an anti-marketing campaign. 
    dysamoriaronnpscooter63viclauyycwatto_cobra
  • Reply 4 of 29
    crowleycrowley Posts: 8,202member
    I laughed. If you’re going to be scammy it’s good to be funny about it. 
  • Reply 5 of 29
    dormlockdormlock Posts: 3member
    Stuff like this slips the review process cause the developer used a remote configuration to turn off the features they don't want the reviewers to see. Once it passes review and is released they updated the config to turn them on. Maybe apple should consider a post release review process with a randomized time for check
    aderutterronnFileMakerFellerasdasdHi.Jack
  • Reply 6 of 29
    dysamoriadysamoria Posts: 3,393member
    dormlock said:
    Stuff like this slips the review process cause the developer used a remote configuration to turn off the features they don't want the reviewers to see. Once it passes review and is released they updated the config to turn them on. Maybe apple should consider a post release review process with a randomized time for check
    Is this proven? It’s an interesting notion, as I was coming here to ask how Apple’s review process could possibly miss this, and what you said here is certainly a good answer if accurate.
    asdasdHi.Jack
  • Reply 7 of 29
    dysamoriadysamoria Posts: 3,393member

    OwlBundy said:
    Kosta Eleftheriou is such a tool. Like does anyone take this dunce seriously? Apple let other developers make apple watch keyboards and they ended up being far superior to the crap made so he cries fake reviews and tries to get the competion silenced. AI needs to stop giving creedence to this buffoon. 
    You’ve made zero arguments against the actual subject matter in this article, but you HAVE launched into an aggressive ad hominem attack against the guy, bringing up some other subject entirely irrelevant to the article posted here.

    You also only have eight posts here.

    You look like a scam yourself.
    kiltedgreenronnpscooter63muthuk_vanalingamstompy
  • Reply 8 of 29
    sflocalsflocal Posts: 5,653member
    OwlBundy said:
    Kosta Eleftheriou is such a tool. Like does anyone take this dunce seriously? Apple let other developers make apple watch keyboards and they ended up being far superior to the crap made so he cries fake reviews and tries to get the competion silenced. AI needs to stop giving creedence to this buffoon. 
    You seem triggered.  Are you the scammer?
    ronnwatto_cobra
  • Reply 9 of 29
    sflocalsflocal Posts: 5,653member
    I rarely use any 3rd-party apps.  About six months ago, the pandemic got me bored so I decided to download video game apps to kill some time.  ALL the game apps that looked remotely interesting were all garbage, the ads didn't look anything like the games, and most would nag me about paying money in order to advance more into the game.  Apple is allowing the App Store to rot and become a cesspool of illicit activity.

    It has to be difficult.  I couldn't even imagine what back-door resources Apple is using to try to contain the beast that is the App Store.  One thing for sure, deleting these scam apps is a never-ending whack-a-mole.  These miscreants simply pop up elsewhere like weeds, under a different ID and continue shoving their crap.

    I wish Apple would not only remove the apps, but ban the actual individual/developer so they can't ever create another ID.  I know that's wishful thinking, but just like being in prison - the individuals responsible for scamming people via iOS apps should never be allowed to create iOS apps again and it would send a message to other developers that  if you attempt to deceive people, you too will get the boot. 
    pscooter63macplusplusbaconstangmuthuk_vanalingamHi.Jackwatto_cobra
  • Reply 10 of 29
    XedXed Posts: 970member
    sflocal said:
    I rarely use any 3rd-party apps. 
    Really? You don't have any apps for financial apps, retail apps, or any other of the countless and common 3rd-party apps from well known corporations on your device? You're pretty much a stock iPhone with your apps?
    edited May 26 watto_cobra
  • Reply 11 of 29
    22july201322july2013 Posts: 2,399member
    sflocal said:
    I wish Apple would not only remove the apps, but ban the actual individual/developer so they can't ever create another ID.  I know that's wishful thinking, but just like being in prison - the individuals responsible for scamming people via iOS apps should never be allowed to create iOS apps again and it would send a message to other developers that  if you attempt to deceive people, you too will get the boot. 
    I did pay for the developer license one year, but didn't do very much with it. The way it worked, if I recall correctly, was I used my iCloud account and the associated credit card to pay for it. There was no additional identification. Apple never met me or saw any ID from me. Since that's the case, how would Apple "ban the actual developer?" I could reapply for a second developer account using a second iCloud account and Apple would not know it was me (I'm not sure if I would have to get a different credit card, but that couldn't be too difficult. Everyone is allowed multiple credit cards.)

    I don't think people really understand how difficult it is to know who you are dealing with on the Internet. There are ways to achieve what you want, but they cost time and effort and money. Even Apple, with all its billions, doesn't go the level of effort to really know who its users are.
    watto_cobra
  • Reply 12 of 29
    Eric_WVGGEric_WVGG Posts: 895member
    ★★★★★ impressive flex, much balls
    watto_cobra
  • Reply 13 of 29
    AppleZuluAppleZulu Posts: 1,103member
    I recently bought (and quickly returned) an IR hub device that was to be run by a third-party iOS app. As none of the branding was anything familiar to me, I read the user agreements closely and found the very interesting idea within that the user would be agreeing to codes of speech and conduct that were compliant with and affirming of the Chinese constitution. The agreements were written in good enough English that they didn't appear to be auto translated, which would suggest that they were written for non-Chinese users. One wonders what the purpose of that would be. Presumably none of that would be enforceable outside of China, but I do wonder how many people have clicked right through and agreed to all that. I wasn't one of them.

    I'm not sure how the app store review would catch that sort of thing, but I do wonder if there are any app store rules against it.
    watto_cobra
  • Reply 14 of 29
    22july201322july2013 Posts: 2,399member
    AppleZulu said:
    I recently bought (and quickly returned) an IR hub device that was to be run by a third-party iOS app. As none of the branding was anything familiar to me, I read the user agreements closely and found the very interesting idea within that the user would be agreeing to codes of speech and conduct that were compliant with and affirming of the Chinese constitution. The agreements were written in good enough English that they didn't appear to be auto translated, which would suggest that they were written for non-Chinese users. One wonders what the purpose of that would be. Presumably none of that would be enforceable outside of China, but I do wonder how many people have clicked right through and agreed to all that. I wasn't one of them.

    I'm not sure how the app store review would catch that sort of thing, but I do wonder if there are any app store rules against it.
    That's interesting. So is this: the ruling Chinese Communist Party (CCP) has a documented history of violating many of the constitution's provisions and censoring calls for greater adherence to it. Claims of violations of constitutional rights cannot be used in Chinese courts. And the legislative committee responsible for constitutional review has never ruled a law or regulation unconstitutional. This is what you get in a one party system without fair elections and without an independent judiciary. If the constitution of China isn't enforceable inside China, then it isn't enforceable outside China either.

    If you don't agree with most of that paragraph, don't take it up with me, go edit the 
    source:

    https://en.wikipedia.org/wiki/Constitution_of_the_People's_Republic_of_China
    FileMakerFellerbaconstang
  • Reply 15 of 29
    sflocalsflocal Posts: 5,653member
    Xed said:
    sflocal said:
    I rarely use any 3rd-party apps. 
    Really? You don't have any apps for financial apps, retail apps, or any other of the countless and common 3rd-party apps from well known corporations on your device? You're pretty much a stock iPhone with your apps?
    I should have clarified my prior statement.  I do have a handful of apps for my bank, parking meter, Amazon, etc.. just the basics.  I have all the stock Apple apps placed into one folder to streamline space.  My entire iPhone apps covers two screens.  That's it.
    macplusplusXedwatto_cobra
  • Reply 16 of 29
    dysamoria said:
    dormlock said:
    Stuff like this slips the review process cause the developer used a remote configuration to turn off the features they don't want the reviewers to see. Once it passes review and is released they updated the config to turn them on. Maybe apple should consider a post release review process with a randomized time for check
    Is this proven? It’s an interesting notion, as I was coming here to ask how Apple’s review process could possibly miss this, and what you said here is certainly a good answer if accurate.
    It's exactly what Epic did to offer their "pay Epic directly" functionality.
    baconstang
  • Reply 17 of 29
    sflocal said:
    Xed said:
    sflocal said:
    I rarely use any 3rd-party apps. 
    Really? You don't have any apps for financial apps, retail apps, or any other of the countless and common 3rd-party apps from well known corporations on your device? You're pretty much a stock iPhone with your apps?
    I should have clarified my prior statement.  I do have a handful of apps for my bank, parking meter, Amazon, etc.. just the basics.  I have all the stock Apple apps placed into one folder to streamline space.  My entire iPhone apps covers two screens.  That's it.
    Same. I count 16 non-stock apps on my phone and they are all from household names, major corporations. Nothing made by some random one-person app dev shop. And certainly no games.
  • Reply 18 of 29
    sflocalsflocal Posts: 5,653member
    sflocal said:
    Xed said:
    sflocal said:
    I rarely use any 3rd-party apps. 
    Really? You don't have any apps for financial apps, retail apps, or any other of the countless and common 3rd-party apps from well known corporations on your device? You're pretty much a stock iPhone with your apps?
    I should have clarified my prior statement.  I do have a handful of apps for my bank, parking meter, Amazon, etc.. just the basics.  I have all the stock Apple apps placed into one folder to streamline space.  My entire iPhone apps covers two screens.  That's it.
    Same. I count 16 non-stock apps on my phone and they are all from household names, major corporations. Nothing made by some random one-person app dev shop. And certainly no games.
    It's just shameful how many of these "entertainment" apps were thinly-veiled scams.  Apple really needs to step up and start cracking-down on these rogue developers.  We should expect the same level of quality from their apps as we do their Macs/iPhones/Services. It's a total s**thole.
  • Reply 19 of 29
    XedXed Posts: 970member
    sflocal said:
    Xed said:
    sflocal said:
    I rarely use any 3rd-party apps. 
    Really? You don't have any apps for financial apps, retail apps, or any other of the countless and common 3rd-party apps from well known corporations on your device? You're pretty much a stock iPhone with your apps?
    I should have clarified my prior statement.  I do have a handful of apps for my bank, parking meter, Amazon, etc.. just the basics.  I have all the stock Apple apps placed into one folder to streamline space.  My entire iPhone apps covers two screens.  That's it.
    I’m only at two pages. I do have a a handful of folders but the biggest one is filled with stock Apple apps I don’t use much.

    Until I got addicted to Bricks Ball Crusher I didn’t have a single app that kept me to make in-app purchases or push ads between rounds. I paid their $2.89 to remove ads but it doesn’t even come close to remote all the ads so I contacted the App Store and had the charge reversed.
  • Reply 20 of 29
    ericthehalfbeeericthehalfbee Posts: 4,268member
    sflocal said:
    I wish Apple would not only remove the apps, but ban the actual individual/developer so they can't ever create another ID.  I know that's wishful thinking, but just like being in prison - the individuals responsible for scamming people via iOS apps should never be allowed to create iOS apps again and it would send a message to other developers that  if you attempt to deceive people, you too will get the boot. 
    I did pay for the developer license one year, but didn't do very much with it. The way it worked, if I recall correctly, was I used my iCloud account and the associated credit card to pay for it. There was no additional identification. Apple never met me or saw any ID from me. Since that's the case, how would Apple "ban the actual developer?" I could reapply for a second developer account using a second iCloud account and Apple would not know it was me (I'm not sure if I would have to get a different credit card, but that couldn't be too difficult. Everyone is allowed multiple credit cards.)

    I don't think people really understand how difficult it is to know who you are dealing with on the Internet. There are ways to achieve what you want, but they cost time and effort and money. Even Apple, with all its billions, doesn't go the level of effort to really know who its users are.

    There’s more to it than that. If you’re an individual you need to get a TIN (Tax Identification Number) which you get from the IRS. Doesn’t mean people can’t create fake accounts to make scam Apps, but you don’t just make an iCloud account and start selling and raking in money. 
Sign In or Register to comment.