Written by Lysa Myers, Security Researcher at ESET
There’s nothing new about advertisers and app developers using deceptive practices, but the Touch ID scam that Lukáš Štefanko wrote about recently is a significant twist in this ongoing story. Of course, iOS users are not alone in facing these dilemmas; as Lukáš wrote earlier this year, Android users are experiencing their own flood of predatory app tactics too.
What can we do to protect ourselves against these fraudulent practices?
Be aware of the limitations of app store review processes
The policies and review procedures of major app stores do keep out a large number of fraudulent apps. While there is always more they could, and probably should, be doing to address this problem, it is an ongoing learning process for all of us.
Due to the incredibly large total number of apps and updates that each major app store sees every day, much of the work involved in the review of new submissions is automated. This means that each app likely has functionality that will not necessarily be seen by a human or be tested specifically. Even very well-known and more-or-less legitimate app vendors have been caught doing things to try to evade having certain functionality reviewed. This means it’s still crucial to do our own due diligence.
While most scam apps do in fact include numerous positive reviews, these often show signs of phoniness. The wording may be very vague, downright nonsensical, or exhibit repetitive patterns (including different reviews repeating the same phrases or having similar usernames, for example). It’s a good idea to re-order the ranking options on reviews to see a more balanced picture: depending on the particular app store, you can sort the reviews to see those that have been deemed “most helpful” or that are ranked “most critical” first.
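The repetition signals described above (different reviews reusing the same phrases, look-alike usernames) can also be checked mechanically. The following Python is an added example, not part of the original article; the sample reviews, usernames, phrase length and similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample data (username, review text); not taken from any real app listing.
REVIEWS = [
    ("fitfan_2041", "Great app, very useful and easy to use, love it"),
    ("fitfan_2042", "Very useful and easy to use, best app ever"),
    ("fitfan_2057", "Nice app, very useful and easy to use, five stars"),
    ("marta.k", "Charged my card 120 dollars after the fingerprint prompt, avoid"),
    ("deniz_b", "Calorie tracker never loaded and support did not answer"),
]

def shingles(text, n=4):
    """Return the set of n-word phrases in a review (lowercased, punctuation dropped)."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    return {" ".join(words[i:i + n]) for i in range(len(words) - n + 1)}

def shared_phrases(reviews, n=4):
    """Map each n-word phrase to its authors, keeping phrases used by two or more users."""
    seen = {}
    for user, text in reviews:
        for phrase in shingles(text, n):
            seen.setdefault(phrase, set()).add(user)
    return {p: users for p, users in seen.items() if len(users) > 1}

def similar_usernames(reviews, threshold=0.8):
    """Return pairs of distinct usernames whose character similarity is >= threshold."""
    users = sorted({u for u, _ in reviews})
    return [(a, b) for a, b in combinations(users, 2)
            if SequenceMatcher(None, a, b).ratio() >= threshold]

def suspicious_reviewers(reviews, n=4, threshold=0.8):
    """Users who both reuse another review's phrase and have a look-alike username."""
    phrase_users = set()
    for users in shared_phrases(reviews, n).values():
        phrase_users |= users
    name_users = {u for pair in similar_usernames(reviews, threshold) for u in pair}
    return sorted(phrase_users & name_users)

if __name__ == "__main__":
    print(suspicious_reviewers(REVIEWS))
```

A flagged cluster is a prompt to read those reviews sceptically and sort by "most critical", not proof of fraud; genuine reviewers also repeat common phrases.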
The best time to figure out whether an app is a scam is before you download it. While it may be hard to calm the fear of missing out, it’s best to wait a few days or weeks before downloading brand new apps, to let other people be the “guinea pigs”. This way you can read what other people have to say about the app’s functionality before making a decision.
Use apps by developers you know and trust
If at all possible, it’s a good idea to stick with reputable app developers. If you’re new to a platform, that may be easier said than done. In that case, it’s a good idea to do a little more research first, to get a better sense of whether a particular developer already has other well-reviewed and popular apps that are currently available for download.
Be aware of valid functionality
While it can be hard to keep up with the complete picture of what each new device can do, it’s a good idea to be at least somewhat aware of the functionality of your device. For example: fingerprint data are not accessible to apps; an app receives only a “yes” or “no” verdict about whether your fingerprint matches the one previously stored on your device. This is to say that apps cannot use a scan of your finger to give advice on calorie data, nutrition information, how much water you should drink, or to present ancestry analysis. (It’s worth noting that you couldn’t really get valid information on any of those things from a scan of your finger even if the app could access those data.)
If your phone has existing functionality like a QR reader or a flashlight app, it might not be a good idea to install an app that does that exact same thing, especially as many of these apps have a history of being problematic. If you’re looking to specifically try a different app than one your phone already has – like a mail reader or an internet browser – be sure to read some third party reviews first, to see which options are well-reviewed and popular.
There are a variety of things you can look at to find information that might indicate a predatory app. Do the developers have other apps available already, and are they reviewed well? Do they have a website that appears professional, including contact information? What results are returned if you do an internet search for the name of the app or developer plus the word “scam”? Can you find more information on third-party sources regarding subscription rates or in-app purchase prices? (Apple may offer information about the latter within the app description.) Does the app purport to give you a free or discount version of a more expensive for-fee app? (These scams often cost more than just money!)
Request a refund and report bad actors
If you’ve gotten as far as having already downloaded an app that turned out to be a scam, ask the app store or the bank attached to your payment card to refund the charge. If the purchase was in the form of a subscription, this may be more complicated, but it will soon become worth your time and effort to have gone through the entire process. You can also report fraudulent apps to the app stores themselves, as well as contributing reviews that describe your experience.
It’s time to push back against “dark patterns”
Many of us already vote with our wallets when it comes to sub-optimal software behavior, by choosing not to purchase or support companies that fail to consider privacy or security, or that behave in ways that we consider too predatory or problematic. But there is another area that more people should be aware of, that describes a more understated category of sketchy behavior.
“Dark patterns” describe the scenario where a user interface is designed to intentionally trick or emotionally manipulate you into clicking where otherwise you might not. In the case of the Fitness Balance app, it takes advantage of the fact that the Home button on some iPhones or iPads can serve two purposes: your finger is already resting on a (fingerprint) sensor in a way that can also be used to select an option on the screen. Newer versions of the iPhone require you to make two distinct actions for these things; you must take your finger off the sensor for a moment after a fingerprint scan, before it can be used to select an option.
Some dark patterns are much less obvious, because they take advantage of expectations that we may not be consciously aware that we have, or because they cause us to be more inattentive. Here are a few examples of scenarios in user interfaces that predatory app makers may try to manipulate:
- we expect an “Accept” option to be the bigger or more obvious one
- we may rush decisions if we’re overwhelmed or frustrated
- we may be less cautious of what’s on our screen if we’re trying to brush away detritus
- in many cultures, we expect red to mean “stop” and green to mean “go”
- we expect a “close” button to appear in certain predictable locations
- buttons may be labeled in ways that make their meaning unclear
In cases where emotional manipulation is in play, there may be a confirmation dialog that tries to guilt-trip or scare you into changing a selection. This is where things can get a little nebulous: when is it a legitimate warning, rather than unnecessary fearmongering? This can be something of a value judgment, which is subject to our own interpretation. Whatever you decide, you can let software vendors know that you value a clear and predictable user experience that does not rely on fear, uncertainty and doubt.
UAE Entrepreneurs Launch Private Messaging App
UAE-based entrepreneurs have launched a private messaging app, which enables users to send voice and written messages that disappear as soon as they are sent, read, and played. “The application called Oh!Message, brings users back to the classical period of simple communications tools, but by using the best privacy-enhancing features, to be the first chat application with this high privacy developed in the ME region by Arab expertise,” said Mohammed Othman and Haian Nayouf, the makers of the app.
With this free app, the sent message will disappear from the sender’s account after 10 seconds whether or not it is read by the recipient, and it will also disappear from the recipient’s account after 10 seconds of opening or playing it. The message will be destroyed completely within the application and will not be stored on the app servers. Each written message is limited to 100 characters while the audio message is 10 seconds.
“Oh!Message is end-to-end encrypted but it has also other features that make it the most private app among messaging apps,” said Engineer Mohammed Othman, Co-Founder and Chief of Technology at Oh!Message. “In this app, which is available in Apple and Android stores, the user doesn’t appear online while using it, and his/her location is not tracked.”
“The first period of the app launch is in the UAE, the Gulf region, and Arab countries,” said Haian Nayouf, Co-Founder and Chief of Communications at Oh!Message. “The UAE is the capital for talent, companies, and investments in the areas of digital and technical excellence globally, and this has greatly motivated us to work on this project in UAE, and the app is the first of its kind in the Arab world with these strong privacy features.”
Taiwan’s First International Streaming Platform Called Taiwan+ is Now Live
Taiwan Plus (Taiwan+), the first English-language international streaming platform of Taiwan, was unveiled by Vice President Lai Ching-te, Legislative Speaker You Si-kun, Culture Minister Lee Yung-te, Central News Agency (CNA) Chairman Liu Ka-shiang, Taiwan+ CEO Joanne Tsai, and H.E. Ambassador Jasmine E. Huggins of Embassy of Saint Christopher and Nevis at the National Taiwan Museum in Taipei on Aug. 30.
Targeting an English-speaking audience, Taiwan+ consists of media professionals from the U.S., the U.K., Canada, France, and Australia, as well as local industry professionals, who work collaboratively to deliver the latest news about Taiwan and international affairs and to cover a wide range of topics. The platform also sources stories from Taiwan’s public and private media organizations.
Golden Melody-award-winning singer Sanpuy Katatepan Mavaliyw opened the event with a music performance. Held with COVID-19 prevention measures in place, the event was joined by representatives including Izumi Hiroyasu from Japan, Jordan Reeves from Canada, Andrew Wylegala and Don Shapiro from the U.S., and Henry Chang and Giuseppe Izzo from Europe.
H.E. Ambassador Jasmine E. Huggins of the Embassy of Saint Christopher and Nevis in Taiwan said the international video platform is expected to connect Taiwan with the world. President Tsai Ing-wen expressed her pleasure to join the launch of Taiwan+ with a video message, saying “Taiwan+ is an exciting new initiative to tell Taiwan’s story. Generations of Taiwanese fought to transform this country into a vibrant democracy that protects freedom of speech and expression.”
Premier Su Tseng-chang wished the platform success. He stressed that Taiwan is a democratic and free country guided by the rule of law, and cares about universal values of human rights, freedom of speech, and diversity, noting that this is why many countries are willing to make friends and do business with Taiwan. Vice President Lai said, “I hope that the platform can be the starting point from which the world learns about what Taiwanese people think and want, what Taiwan is doing, and what we can contribute to the world.”
Legislative Speaker You noted that, with China’s intimidation and political oppression against Taiwan, the establishment of Taiwan+ allows Taiwan to tell its stories to the world through its voices. Taiwan+, a project commissioned by the Ministry of Culture to the CNA, marks an important milestone in the country’s history of mass media, Minister Lee said. He expressed his gratitude to legislators and professionals for making this happen.
“I hope to make this platform a form of expansion, connection, and infinite possibilities, just like how Taiwan incorporates ethnic, cultural and linguistic diversity, and introduce Taiwan to the world through dynamic storytelling and news,” said Tsai, a senior media professional with over 25 years of experience in international media outlets, such as NBC/CNBC, National Geographic, and Fox International Channels.
The content of Taiwan+ can be played on the Taiwan Plus app or viewed on its website and social media platforms, such as Facebook, YouTube, Twitter, and Instagram.
“Selfdrive” Launches Smart Mobility App
Selfdrive, an entity of Pinewoods Tech Serve, has launched an all-in-one Smart Mobility App. The app is serving as a game-changer for the car rental space offering its users a seamless, reliable, and convenient mechanism to rent a car on demand. The cutting-edge mobile app provides direct access to dealership fleet to its users, allowing them to rent a car by the day, subscribe by the month, or lease a car up to 3 years, offering complete flexibility in booking duration.
The company to date has served over 50k customers and witnessed a 30% MoM growth in customer base in the past six months. The app is built on a proprietary tech foundation concept, Search – Select – Pay, that uses machine learning and artificial intelligence to match customers’ profiles with the cars that they would like to drive, making the selection process and renting a car an absolutely seamless experience.
The app is available to download on Android and iOS and offers users the option to select from 65 different car models across 15 different car brands from 45 different locations in the UAE within three hours. Some of the key brands available to rent are Nissan, Toyota, Mitsubishi, Renault, Mazda, Infiniti, Volkswagen (VW), BMW, and many more.
Speaking about the launch of its app, Soham Shah, CEO, and Co-Founder of Selfdrive said, “As one of the largest car rental service providers in the UAE, we strive to offer exceptional service to our customers every step of the way. We bring together exclusive offers on the app starting from AED 49 per day and AED 999 per month. That’s not all, with the launch of ‘Lease Pro’ in this app, users can now rent a brand new ‘Zero Km’ car under its 12 – 24 – 36 months subscription that would be exclusively registered on demand by the car dealer.”
“The smart mobility platform is a testament of our commitment to curate best deals on cars direct from the dealership, whilst making it possible for anyone to rent a car on demand and get it delivered too. This alleviates the hassle of going through multiple car rental agencies to find the best car models and rates on offer,” added Shah.
The car rental market accounted for $86 billion in 2020 and is expected to reach $131 billion by 2026, projecting a CAGR of about 7% during the forecast period. Selfdrive, launched in 2017, is the UAE’s largest car rental tech platform and has crossed 2000 cars on road.