Over the past few days, security researchers have been alerting Mac users to apps available via the App Store that force them to pay for subscriptions by disabling keyboard shortcuts and making the menu bar inaccessible.
The main culprit in this case, an app called My Metronome, is no longer available for download, but it's unclear whether it was removed by the developer or by Apple itself.
This kind of report doesn't bode well for Apple. The safety and security that come with Apple's App Store in general – as well as the company's App Developer Program – have been leveraged by Apple to thwart legal attempts to force the company to accommodate third-party app stores on iOS.
Scam App Removed from App Store
The app in question – My Metronome – has now been removed from the App Store. Edoardo Vacchi, chief software engineer at Red Hat, first highlighted the app's shady tactics on April 12, with security researcher and fierce Apple critic Kosta Eleftheriou sounding the alarm on Twitter shortly after.
As Eleftheriou explains, the application “immediately asks you for money” – a $9.99 subscription fee – and then removes your ability to quit the app by disabling keyboard shortcuts and making the Mac menu bar inaccessible.
It must be said that it is possible to force quit the app, but not everyone trying to get out of paying the subscription fee may know how to do this, or even that this is a way to defeat their supposedly “locked” screen.
My Metronome is Not Unique
My Metronome isn't the only app that's been caught trying to fleece users out of money. In fact, the company that made My Metronome has developed at least one other app that effectively blocks you from quitting without subscribing.
Another app – called Audio Editor – has multiple reviews complaining about a similar sort of technique being used to con unsuspecting users out of hard-earned cash.
“The 74th top-grossing app in the Mac App Store is an audio editor with a $125 per year subscription and a rating of 1.9 out of 5,” Mac and iOS developer Jeff Johnson pointed out on Twitter. In the same thread, Johnson identified several other apps that advertise themselves as free but, once downloaded, demand a one-time in-app purchase in order to work.
Last year, the Washington Post found that out of 1,000 top apps on the App Store, around 2% were scams – and they made a combined total of $48 million via downloads and in-app purchases. These statistics are not at all surprising considering users have only been able to report apps on the App Store since October 2021.
Scam Apps Undermine Apple's Legal Arguments
Apple’s App review guidelines clearly state “apps that attempt to scam users will be removed from the App Store”, which includes “apps that attempt to trick users into purchasing a subscription under false pretenses”.
What's more, last year, the company tightened its App Store guidelines by confirming that it would terminate the accounts of developers that don't comply with the developer code of conduct.
Precisely why apps like My Metronome have been allowed to run wild, then, is unclear. The existence of such apps does seem to undermine a line of argument Apple has been pushing to maintain its power over the app market and prevent third-party app stores from being created and made available on iOS – that Apple’s macOS and iOS app stores are safer and more secure than anything else.
“Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store,” Apple said in a report last year, released in light of pressure in both the US and UK to de-monopolize technology platforms.
The EU's Digital Markets Act includes a proposal relating to providing consumers with the freedom to sideload third-party apps onto their computer devices, including iPhones and other Apple products. If it garners support from EU members en masse – which commentators suggest it will – it could become law as early as October of this year.
The presence of apps like My Metronome, however, won't help the tech giant's case.