A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads

Dan Goodin, ArsTechnica:

> Researchers said that a tip from a child led them to discover aggressive adware and exorbitant prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play.

And:

> To prevent users from uninstalling them, the apps hid their icon, making it hard to identify where the ads were coming from.

Hmm. I wonder how an iOS app gets away with that. Is this purely the Android versions?

> The apps came to light after a girl found a profile on TikTok that was promoting what appeared to be an abusive app and reported it to Be Safe Online, a project in the Czech Republic that educates children about online safety. Acting on the tip, researchers from security firm Avast found 11 apps, for devices running both iOS and Android, that were engaged in similar scams.

And:

> A Google spokesman said the company has removed the apps, and Web searches appeared to confirm this. Several of the apps for iOS appeared to still be available in the App Store as this post was being prepared.

Definitely a hole in iOS App Store oversight.

From the Avast press release:

> The iOS and Android apps appear to be developed by the same person or group. The links promoted on the social media profiles lead to the iOS or Android versions of the apps, depending on the device the link is being accessed from.

Seems like once they got one of these apps, they should ban all the rest from the same developer.