As smartphone authentication features have progressed from requiring to enter your account password or a short PIN to more recently fingerprint scanning or face scanning solutions, the ease of operating our smartphones has increased dramatically. This ease to use expands from mundane tasks including unlocking our smartphones multiple times during the course of the day to locking sensitive apps and data behind fingerprint or facial lock. One of the things that evolving ways of authentication on smartphones have improved is the time it takes for users to make purchases on the device, and then authorizing the purchase.
A process that usually took more than a few seconds in terms of complex passwords, to few seconds in terms of a four or six-digit PIN can easily be done in about a second with the help of fingerprint solutions and Touch ID. According to a new report, some apps are using this convenience to scam people into spending their money. Diving in the details of the report, two iOS apps with the names “Fitness Balance”, and “Calories Tracker” requested users to place their finger on the fingerprint scanner of their iOS-device to “create a personalized diet and other stuff” for about 10 seconds.
Watch: Apple iPhone XS, XS Max Hands On
Once the user placed their finger on the scanner, the apps requested for a $99.99 in-app purchase that was immediately approved as the user had already placed their finger on the scanner. These apps were highlighted by WeLiveSecurity blog by ESET, and later reported by The Verge. The report pointed that these apps are able to do this because of the seamless integration of the process in iOS.
The entire thing happens so quickly that by the time the user is able to mentally process what happened, the payment has already been approved by the system. After users started complaining about the apps on Reddit and other forums, Apple seems to have removed both the apps from the App Store in response.