Hacker News
iOS Fitness Apps Stealing Money Through Touch ID

Two iOS fitness apps, “Fitness Balance” and “Calories Tracker”, have been found using nefarious tactics to scam users out of money. The apps asked users to scan their fingerprint in order to continue accessing their data. When the user used the fingerprint option, their card was automatically charged $99-$119.
These apps can exploit any user not on an iPhone X or later, since the newer phones with Face ID have a double-click option for Apple Pay. Users on older iPhones would be charged as soon as they used their fingerprint in the app.
The apps received many positive reviews; the Fitness Balance app had an average rating of 4.3, along with many 5-star reviews. It is believed these reviews are fakes generated by the developers to make the apps seem more legitimate and encourage more people to download them. This is a common technique used by scammers.
When users attempted to contact the developers, they received an automated response saying:
“Hello dear user:
I am aware of this issue. I’m working hard to fix it. Please wait for version v1.1, everything will be fixed in that version.
Thank you!”
The malicious apps have now been removed from the App Store, and affected users can contact Apple for a refund by following this link.
Although these scams aren’t common on the App Store and Apple works quickly to remove them, they are difficult to protect yourself against without disabling key features. iPhone X users are advised to use double-click for payments, and users on older iPhones are encouraged to disable fingerprint Apple Pay payments if they are concerned about falling victim to these scams.