Multiple apps posing as fitness-tracking tools were caught misusing Apple’s Touch ID feature to steal money from iOS users. The dodgy payment mechanism used by the apps is swift and unexpected, activated while victims are scanning their fingerprint seemingly for fitness-tracking purposes, says ESET Southern Africa.
There are many apps that promise to assist users on the way to a healthier lifestyle. The apps until recently available in the Apple App Store under the names “Fitness Balance app” and “Calories Tracker app” might have seemed to do just that – they could calculate the BMI, track the daily calorie intake, or remind users to drink more water. However, these services came with an unexpectedly hefty price tag, according to Reddit users.
After a user fires up any of the abovementioned apps for the first time, the apps request a fingerprint scan to “view their personalized calorie tracker and diet recommendations” (Figure 1). Only moments after the user complies with the request and places his/her finger on the fingerprint scanner, the apps display a popup showing a dodgy payment amounting to 99.99, 119.99 USD or 139.99 EUR (Figure 2).
This popup is only visible for about a second, however, if the user has a credit or debit card directly connected to his/her Apple account, the transaction is considered verified and money is wired to the operator behind these scams.
Figure 1 – Scam apps in Apple’s App Store require users to scan their fingers for fitness tracking (Image source: Reddit)
Figure 2 – Dodgy payment popping up in “Fitness Balance app” and “Calories Tracker app” (Image source: Reddit)
If users refuse to scan their finger in “Fitness Balance app”, another popup is displayed, prompting them to tap a “Continue” button to be able to use the app. If they comply, the app tries the repeat the dodgy payment procedure again.
Despite its malicious nature, the “Fitness Balance app” received multiple 5-star ratings, had an average rating of 4.3 stars and received at least 18 mostly positive user reviews. Posting fake reviews is a well-known technique used by scammers to improve the reputation of their apps.
Victims already reported both of these apps to Apple, which led to their removal from the market. Users even tried to directly contact the developer of “Fitness Balance app”, but only received a generic response promising to fix the reported “issues” in the upcoming version 1.1
What can users do to avoid similar threats?
As Apple doesn’t allow security products in its App Store, users need to rely on the security measures implemented by Apple.
On top of that, ESET advises users to always read reviews by other users. As positive feedback is easily faked, negative reviews are more likely to reveal the true nature of the app.
iPhone X users can also activate an additional feature called “Double Click to Pay”, which requires them to double-click the side button (Figure 4) to verify a payment.
Those who already fell victim to this scam can also try to claim a refund from the Apple App Store
Netflix to make SA series
The world leader in streaming movies has announced the first South African production to join its Originals roster.
World leader in entertainment streaming services Netflix this week announced its first Original series in Africa, with South African series Queen Sono.
The news comes immediately in the wake of local rival Showmax announcing it’s first original drama production. In this context, it heralds a new phase in the evolution of streaming video-on-demand in South Africa.
The action-packed series follows Queen Sono, the highly trained top spy in a South African agency whose purpose is to better the lives of African citizens. While taking on her most dangerous mission yet, she must also face changing relationships in her personal life. The series will be created by Director, Kagiso Lediga and Executive producer Tamsin Andersson.
South African actress, Pearl Thusi, will star as Queen Sono, with the character having been created with her in mind. Thusi is also known for her performance in the romantic dramedy, Catching Feelings, available on Netflix.
“We are excited to be working with Kagiso and Pearl, to bring the story of Queen Sono to life, and we expect it to be embraced by our South African users and global audiences alike.” said Erik Barmack, Vice President of International Original Series at Netflix.
“We are delighted to create this original series with Netflix, and are super excited by their undeniable ability to take this homegrown South African story to a global audience. We believe Queen Sono will kick the door open for more awesome stories from this part of the world” added the director and executive producer of the series, Kagiso Lediga.
The series is due to start production in 2019.
Microsoft adds Chrome to Edge
Microsoft is working to build a new version of its Edge browser on the open-source version of Google Chrome, writes BRYAN TURNER.
After 20 years of backing Internet Explorer and its underlying software technologies, Microsoft has chosen to integrate Chromium, the open source version of Google Chrome. This announcement comes just three years after launching Microsoft Edge, the refreshed version of Internet Explorer.
“We intend to adopt the Chromium open source project in the development of Microsoft Edge on the desktop to create better web compatibility for our customers and less fragmentation of the web for all web developers,” said Joe Belfiore, corporate VP at Windows, in a blog post on 6 December.
The change affects the back-end elements of the browser that run in the background to make the web pages work for the user. The shift includes scrapping Microsoft’s EdgeHTML rendering engine in favour of Chrome’s Blink.
Utilising the Blink engine will allow Microsoft to support versions of new Edge on Windows 7, 8 and 10, as well as a version for macOS. Belfiore said that the company had also started contributing to the Chromium open source project: “We’ve begun making contributions to the Chromium project to help move browsing forward on new ARM-based Windows devices.”
Microsoft’s move to Chrome has shifted the “browser wars” in favour of Google Chrome, as Opera and Edge will now both be using Chrome’s rendering engine.
“If you’re a Microsoft Edge customer, there is nothing you need to do, as the Microsoft Edge you use today isn’t changing. If you are a web developer, we invite you to join our community by installing preview builds when they’re available and staying current on our testing and contributions.” said Belfiore.
Edge’s project manager, Kyle Alden, confirmed in a Reddit thread that Chrome extensions will be compatible with the new version of Edge. It is expected to launch in a preview build in early 2019.