App hunter/developer Kosta Eleftheriou, known for spotting egregious scams that pass Apple’s review process, has once again drawn attention to a new crop of shady apps being smuggled through the App Store. This time, they’re on the Mac, using popups that make it extremely difficult to close an app without agreeing to outrageous subscription prices — all without Apple noticing, despite the App Review’s argument. process keeps devices and users safe.
The app that started the hunt, which seems to have been discovered by Edoardo Vacchi, is called My Metronome. According to Vacchi, Eleftheriou, and user reviews, the app crashes and you can’t close it using keyboard shortcuts or the menu bar until you agree to a $9.99 per month subscription. (It can be forced to stop, though.) Eleftheriou told The edge that it “seems like this developer has been experimenting with different techniques over the years to prevent people from closing the paywall”, pointing us to several other apps still in the store with similar behavior – we’ll get to that in a moment back.
Some time after Eleftheriou tweeted about My Metronome, the app had apparently been removed from the store. When I try to open the link, I get a message that it is no longer available in my region. (Although, to be clear, you probably shouldn’t try to download it or any of the apps we’re talking about.) Apple didn’t respond. The edge‘s request for comment as to whether it was whoever removed the app, or how it endured App Review in the first place.
However, the story does not end there. As developer Jeff Johnson discoversThe company that made the metronome app, Music Paradise, LLC, has a connection with another App Store developer, Groove Vibes. According to the privacy policies on the websites of both developers (which are linked on their App Store pages) it says that they are registered at the same address and that both mention the same legal entity, Akadem GmbH.
The edge decided to test these apps ourselves, so we launched the Mac App Store and downloaded Music Paradise’s other app, Music Paradise Player, along with Groove Vibes’ full catalog of Mac apps. They all had an instant popup asking for money in the form of a recurring subscription (usually around $10 a month, give or take a few dollars). Three of the Groove Vibes apps worked properly – you could exit them from the menu bar or by pressing Command+Q.
However, two apps from the developer, along with Music Paradise Player, have grayed out the quit option on the menu bar and won’t let you hit the standard red close button. Shortcuts didn’t help either; they stayed open even while I spammed Command+Q, Command+W, and the escape button.
The apps don’t completely close you off your computer like the ransomware that often makes the news, because there are other ways to close them even if you don’t know how to force quit. Music Paradise Player has an “X” button on the offer screen and once you press it, the subscription screen disappears and you can exit the app normally. FX Tool Box has a little “Maybe Later” button that does the same thing. All To MP3 Converter has a similar “just leave me in the app so I can close” button, but it’s by far the worst offender when it comes to hiding it. It’s a snippet of text that reads ‘continue limited edition’ nestled among other bits of text, with no obvious sign that it’s actually a link.
But the fact that a savvy user could close these apps if necessary does not excuse their existence in the store. In theory, App Review should have tried them out and rejected them for violating Apple’s guidelines. It’s frustrating to watch these apps slip through Apple’s net when there are plenty of other examples where developers are being tricked for seemingly random reasons (or even to follow Apple’s lead).
But Apple has let plenty of other scammy apps that blatantly break the rules slip through the cracks. Eleftheriou previously discovered an iPhone app that won’t work unless you give it a good review, as well as games for kids that turned into real gambling apps in one country. The company has updated its policies in an effort to make building scam apps less attractive, but it’s having a hard time actually enforcing those rules.
At the same time, Apple continues to argue that iPhone owners should only be able to install apps from their store so they can research the software. The company strongly opposes legislation that would force it to allow sideloading or installing apps from other sources, saying the lack of an App Store monopoly would expose users to all sorts of scams and malware. (When we audited last year, the App Review team had just 500 people, tasked with the formidable task of ensuring that every app in the store follows the rules.)
Making matters worse, in the case of the apps we tested today, there’s no obvious way to report them from the Mac App Store. Apple added a “Report a Problem” button to the App Store on iOS and said it would be in Monterey, but my Mac is fully up to date and I can’t find it anywhere. l can Report apps by going to reportaproble.apple.com, logging into my Apple account and going through the process, but frankly that’s not something most people are going to do.