Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

iOS app bait-and-switch scams made harder by Apple

A classic example was described by TouchArcade almost a year ago. Pokemon Yellow appeared in the App Store, complete with perfect-looking Pokemon screenshots. But Pokemon games belong to Nintendo; and Nintendo has always said that it won’t release apps. iOS users are Pokemon-starved – and they rapidly grabbed the opportunity making Pokemon Yellow leap to number three in the paid-for chart. The developers consequently made a lot of money very quickly; but the app itself was rubbish. It certainly wasn't the app that buyers were expecting based on the screenshots.

“We gave this a download,” wrote Brad Nicholson for TouchArcade, “and can happily report that it crashes out immediately after its splash screen crops up. Users in its reviews have reported that it crashes on every device under the sun, so please don't even try this out.” This is classic bait-and-switch: the professional Pokemon screen-shots are the bait, but the rubbish app is the switched delivery. Apple pulled the app shortly after the TouchArcade report.

Now Apple has announced that such scams will no longer work – at least not from the App Store. It announced yesterday on its Developer site, “Beginning January 9, app screenshots will be locked in iTunes Connect once your app has been approved. New screenshots may be uploaded when you submit a binary for an update to an existing app or a new app.” In other words, scammers will no longer be able to get their common-or-garden (or worse apps) approved with genuine screenshots, but promoted by switched out false screenshots.

“This small but important update shuts down a widely used scam tactic, where developers would upload game screenshots to get an app approved by Apple and then switch them out with screenshots from another popular app,” notes MacRumors.

While this will limit bait-and-switch scams for apps downloaded from the App Store, the tactic will remain common on third party stores for jailbroken devices. Users should still remember the time-honored security adage: if it looks too good to be true, it probably is.

What’s Hot on Infosecurity Magazine?