Beware of these 5 kinds of mobile app fraudVendor Guru Columnist, April 18, 2012
Buyer beware: Consumers are reporting financial traps in the mobile apps marketplace, such as virtual currency scams involving Apple's App Store. The New York Times explains that the App Store, with more than half a million applications, is an irresistible target for scammers.
Researchers from Regions Bank estimate that the typical identity theft case costs a consumer as much as $631 per incident. However, mobile app fraud takes a more insidious approach, usually draining bank accounts a few pennies at a time. The most famous cases involved developers who got too greedy, scamming users for thousands of dollars or even stealing their identities. Here are some other curious characters in the shady world of mobile application fraud.
1. The impostors
"Angry Birds" developer Rovio recently chased off an impersonator from the Android Market. According to James Cushing at The Gadgets, a team called Zinky has uploaded dozens of rip-off apps. Watch out for names like "Angry Birds 3D," "Call of Duty Zombies" and even "DirecTV 1.3." Fake apps usually cost a fraction of the originals, or may even be free, but they break down after a few minutes of use. With just 99 cents on the line, few users feel compelled to complain, sweetening the pot for rip-off artists.
2. The berry farmers
Kids can download Capcom's "Smurfs' Village" app for free, usually with their parents' iPhones. Over time, players have to purchase Smurfberries via in-app transactions to extend the game. As the FTC launched an investigation, thousands of parents dragged their kids by the ear into Apple Stores, demanding refunds. Some players racked up thousands of dollars in charges from pressing "buy" any time the software asked.
Some developers claim that parents must be responsible for their children's actions. Less ethical coders exploit the fact that kids like to tap "continue." Hundreds of copycat applications encourage kids to load up on coins, jewels, credits and other costly in-app purchases. Apple now requires customers to enter passwords more often, while urging parents to keep passwords secret from children.
3. The spies
Think your online information is safe? Users discovered this year that the mobile social networking application Path had shared the contents of their iPhone address books with company servers, without their knowledge. Path has apologized and promised to purge the company's systems of all uploaded data.
Apple and Google now warn users when an app tries to access private data. However, that doesn't stop apps from asking for permission. Symantec's Peter Coogan cites the case of Stevens Creek Software, whose apps requested system passwords to complete installation, usually punting users into an endless loop of spam. Hackers use similar Trojan Horse applications to access email and social media accounts.
4. The texters
Years ago, malware would hijack modems and place expensive long distance calls to countries with names that Americans could barely pronounce. The scam's back, with a new millennium twist: expensive text messages, which users still can't understand. CNET's Elinor Mills chronicled the growth of "RuFraud" apps during the Christmas shopping season (so named because the scam originated in Russia). These scams pose as familiar titles, like "Sim City" and "Need for Speed," which text toll numbers on launch.
Other apps cram monthly fees onto wireless bills, touting SMS information services. Contractual fine print makes this practice legal, despite complaints. Signing up for mobile apps can increase the likelihood of spam text messages, warns the Oklahoma Attorney General.
5. The rock stars
One scam crashed when an unknown called DJ Denver was seen earning royalties you would expect from a star like Madonna. Investigators pounced on a team of 11 scammers who used stolen iTunes accounts to purchase singles they had uploaded through third-party digital music distributors like TuneCore. TuneCore's invitation to pick up a hefty payment in person landed the ring in jail instead of on a private jet.
Steering clear of mobile app fraud
Apple, Google, the FTC and even the Department of Justice are wrestling with the growing need for app store security. In the meantime, you can go on the defensive to protect yourself and take some preventive measures:
- Beef up passwords. Chinese hacking bulletin boards sell lists of iTunes and Amazon accounts with easily guessed passwords.
- Keep track: Watch pricing closely. Knockoff apps borrow icons, images or names of more expensive apps. Symantec suggests checking the publisher's name on free apps.
- Pay attention. System warnings and requests for passwords can mean an app wants to escape its sandbox.
Consumer advocates and state investigators already worry that mobile app fraud could reach into the real world, as scam artists impersonate lost children or government grant issuers using stolen phone data. Exercise caution when buying and using mobile apps -- it could prevent much more than some inconvenient calls to the bank.