Developers are once again publicly highlighting instances in which Apple has failed to keep scam apps off of the app store. The apps in question charge users unusual fees and siphon revenue from legitimate or higher-quality apps. While Apple has previously come under fire for failing to block apps like these from being published, developers complained this week that Apple was actually actively promoting some of these apps.
Apple’s Australian App Store published a story called “Slime relaxations” highlighting a certain category of apps. But according to some developers and observers, some of those apps have very high subscription fees despite not providing much functionality.
Take an app with the cumbersome moniker “Jelly: Slime Simulator, ASMR,” for example. Unless users subscribe, the app is filled with ads; it plays more than one in succession before allowing the user to interact with it in any meaningful way. A report by MacRumors said the app “features a $13 per week subscription” to remove those ads. (When we downloaded the app ourselves, we were prompted to subscribe for nearly half that, at $7.99 per week. It’s unclear to us whether the prices have changed since the initial reports or if it is a regional pricing difference.)
In either case, as MacRumors also pointed out, Apple’s App Store Review Guidelines explicitly say that Apple will “reject expensive apps that try to cheat users with irrationally high prices.” Obviously, that is subjective and open to interpretation, but some developers argue that this app and others featured in the “Slime relaxations” story cross that line.
These are not new problems. Back in February, developer Kosta Eleftheriou pointed out a scam app for the Apple Watch that was bolstered by fake reviews. Apple removed the offending app after Eleftheriou’s observations were widely reported on Twitter and in media. But Eleftheriou and other developers went on to identify even more scam apps.
Apple defended its efforts to keep scam apps off the App Store in a statement provided to The Verge as the press reported on Eleftheriou’s findings:
We take feedback regarding fraudulent activity seriously, and investigate and take action on each report. The App Store is designed to be a safe and trusted place for users to get apps, and a great opportunity for developers to be successful. We do not tolerate fraudulent activity on the App Store, and have stringent rules against apps and developers who attempt to cheat the system. In 2020 alone, we terminated over half a million developer accounts for fraud, and removed over 60 million user reviews that were considered spam. As part of our ongoing efforts to maintain the integrity of our platform, our Discovery Fraud team actively works to remove these kinds of violations, and is constantly improving their process along the way.
Apple continues to play whack-a-mole with these apps, but various developers have both publicly and privately complained that the company takes too long. One developer we exchanged emails with claimed that, when they discovered a scam app that stole assets from their own legitimate app and which was clearly designed to siphon users from the real app, Apple took 10 days to remove the app, while Google only took “1-2 days” on the Android side. The app was allowed back on Apple’s App Store once the stolen assets were removed. During the long waiting period, the developer of the legitimate app lost a significant amount of users and revenue, while the developer of the illegitimate app profited.
As Apple fights legal battles to prevent third-party app stores from making their way to iOS on the basis that those alternative app stores may be less secure than Apple’s own, claims from developers that scam apps are slipping through may undermine Apple’s defense. The company has ample incentive to stop the scam apps, and the will seems to be there. But the processes Apple uses to achieve that goal appear far from perfect, and as a result, both users and legitimate developers are at risk.
Given what’s at stake for Apple in addressing this problem, it’s hard to imagine that the examples developers have discovered are cases of malice rather than incompetence. But for developers and users, the consequences may often be the same.