In yet another example of fake apps trying to scam users, multiple iOS fitness apps have been removed from the App Store after they were found trying to deceive users and charge a fee ranging from $99 to $139. WeLiveSecurity recently discovered that the apps asked users to use Touch ID to collect health data, but instead, they used the fingerprint data to authenticate a payment.
The hack is quite simple and takes advantage of the fact that a large number of users utilize Touch ID for authenticating a payment. Moreover, the fast authentication speed makes it more convenient for the fraudsters to send a payment confirmation pop-up, and before users can completely process what is happening, the payment has already been completed using their fingerprint data.
