With so much focus on the App Store at the moment, Apple’s leading argument is that its App Store review policies offer security and safety for users. However, unscrupulous apps continue to slip through the net and rake in millions from Apple customers before being caught.

One of the biggest drivers of these scams is the use of fake reviews to prop up apps that otherwise wouldn’t get a second look. A common pattern for such an App Store scam is to make a very simple app targeting popular search keywords, attach aggressive subscription pricing to it, and make it rise high in search results by faking hundreds of 5-star App Store reviews …

The latest example of this comes once again via Kosta Eleftheriou. Today, he drew attention to an app called My Pulse-Heart Rate Monitor.

The app does “work.” This is not a case where App Review approved something it shouldn’t have. The app ostensibly reads your heart rate when you place your finger over the camera lens. It isn’t the first app to do this by any means. Of course, its readings are far less accurate than those from the dedicated heart rate sensor on the Apple Watch, but the app will give you a reading that is vaguely close to your actual heart rate.

However, it does forcefully push paywall screens on users. Upon app launch, you are invited to start a subscription plan. You can dismiss the upgrade screen and take one heart rate reading before being prompted to upgrade again. The available subscription tiers are not cheap: priced at $6.99 per week, $16.99 per month, or $69.99 per year.

Although the upgrade options and pricing are transparently presented, the developers are clearly hoping that users press onward and start a subscription without really paying attention to what they are doing. The three-day free trial on the weekly subscription helps to get people to subscribe without considering the actual consequences of what they are doing.

The essence of the scam is quickly acquiring a lot of downloads through manipulation of reviews and App Store search, and then tricking enough of the people who download it into signing up to a recurring subscription plan.

Let’s look at the fake reviews in this case. On the US App Store, the app has over 1,000 reviews with an average 4.1 rating. Eleftheriou points out that the vast majority of these reviews are illegitimate.

While these fake reviews give universally 5-star ratings, almost all of the other real reviews are one star or two star with users complaining that the app doesn’t work very well and balking at the high costs of the in-app purchases. (The developer only appears to have paid for fake reviews in the US. In other App Store regions, the overall rating is much lower. For instance, in the UK store, the app has a 1-star rating.)

So how on earth does this app have a 4.1 rating?

Take a look at these streams of glowing 5-star reviews, many appearing on the exact same day.

Notice how they all have roughly the same length, and nonsensical author names – all with the same “First Last” name format: pic.twitter.com/Ldp2B5Kd9k

— Kosta Eleftheriou (@keleftheriou) April 12, 2021
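The signals called out in the tweet and in the preceding paragraphs (bursts of 5-star reviews on the same day, uniform review length, generic “First Last” author names, and a US rating that diverges sharply from other regions) can be turned into a simple screening check. The following Python is an added example written for this article, not code from Apple, from Kosta Eleftheriou or from the app in question; the reviews it scores are constructed sample data, and the thresholds (`min_count`, `max_length_cv`, the 0.9 and 0.8 shares) are illustrative assumptions rather than values from any real review system.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample reviews for illustration only; these are not real App Store reviews.
SAMPLE_REVIEWS = [
    # A same-day burst of 5-star reviews: generic "First Last" names, similar length.
    {"author": "Olivia Parker", "rating": 5, "date": "2021-04-10", "country": "US",
     "text": "Great app, simple to use and the readings are very accurate!"},
    {"author": "Ethan Brooks", "rating": 5, "date": "2021-04-10", "country": "US",
     "text": "Works perfectly every time, I check my pulse daily now."},
    {"author": "Mia Collins", "rating": 5, "date": "2021-04-10", "country": "US",
     "text": "Love this app, easy to use and results come back quickly."},
    {"author": "Noah Bennett", "rating": 5, "date": "2021-04-10", "country": "US",
     "text": "Very helpful for tracking my heart rate, highly recommended."},
    {"author": "Ava Mitchell", "rating": 5, "date": "2021-04-10", "country": "US",
     "text": "Fantastic app, accurate readings and a clean simple design."},
    # Organic-looking reviews: varied names, lengths, dates and ratings.
    {"author": "jenny_k92", "rating": 1, "date": "2021-03-02", "country": "US",
     "text": "$6.99 a week?! Took one reading then it nagged me to subscribe. Uninstalled."},
    {"author": "HRnerd", "rating": 2, "date": "2021-03-28", "country": "US",
     "text": "Reading was 30 bpm off my watch."},
    {"author": "Tom", "rating": 1, "date": "2021-04-11", "country": "GB",
     "text": "Does not work, paywall after every single reading and the trial rolls into a weekly charge."},
    {"author": "sarah.b", "rating": 1, "date": "2021-04-05", "country": "GB",
     "text": "Rubbish."},
]

# Two capitalised words separated by one space: the "First Last" pattern from the tweet.
FIRST_LAST = re.compile(r"^[A-Z][a-z]+ [A-Z][a-z]+$")


def group_by_day(reviews):
    """Bucket reviews by posting date so same-day bursts can be examined together."""
    by_day = defaultdict(list)
    for r in reviews:
        by_day[r["date"]].append(r)
    return by_day


def cluster_signals(reviews):
    """Compute the signals named in the tweet for one group of reviews."""
    lengths = [len(r["text"]) for r in reviews]
    return {
        "count": len(reviews),
        "five_star_share": sum(r["rating"] == 5 for r in reviews) / len(reviews),
        "first_last_share": sum(bool(FIRST_LAST.match(r["author"])) for r in reviews) / len(reviews),
        # Coefficient of variation of text length: close to 0 means suspiciously uniform.
        "length_cv": (pstdev(lengths) / mean(lengths)) if len(lengths) > 1 else 0.0,
    }


def suspicious_days(reviews, min_count=4, max_length_cv=0.15):
    """Return the dates on which a burst of reviews matches all the fake-review signals."""
    flagged = []
    for day, group in group_by_day(reviews).items():
        s = cluster_signals(group)
        if (s["count"] >= min_count and s["five_star_share"] >= 0.9
                and s["first_last_share"] >= 0.8 and s["length_cv"] <= max_length_cv):
            flagged.append(day)
    return sorted(flagged)


def rating_by_country(reviews):
    """Average rating per storefront; a large gap between regions is itself a warning sign."""
    by_country = defaultdict(list)
    for r in reviews:
        by_country[r["country"]].append(r["rating"])
    return {c: round(mean(v), 2) for c, v in by_country.items()}


def adjusted_rating(reviews):
    """Average rating once reviews from flagged burst days are set aside."""
    flagged = set(suspicious_days(reviews))
    kept = [r["rating"] for r in reviews if r["date"] not in flagged]
    return round(mean(kept), 2) if kept else None


if __name__ == "__main__":
    print("suspicious days:", suspicious_days(SAMPLE_REVIEWS))
    print("rating by country:", rating_by_country(SAMPLE_REVIEWS))
    print("rating without flagged bursts:", adjusted_rating(SAMPLE_REVIEWS))
```

On the constructed data the single burst day is flagged, the US average sits at 4.0 while the GB average is 1.0 (mirroring the regional gap the article describes), and once the burst is set aside the remaining average falls to 1.25. None of these signals is conclusive on its own; a real pipeline would treat a flagged cluster as a queue for the kind of human review the article argues for, not as proof.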

In fairness to Apple, the fake reviews are not so blatantly fake. They are written in reasonably well-formed English, so it is easy to see how they could slip past an automated spam filter. However, more rigorous human oversight could easily weed out these falsifications.

So, what could be done better here?

While it would be impossible for Apple to police the reviews and ratings of every app in the App Store by hand, with thousands more new apps being submitted every month, I think the takeaway here is that Apple needs to do a better job of scrutinizing apps that are rising in the App Store charts.

This heart rate app is currently the 335th top-grossing app in the entire App Store, estimated to have already brought in over a million dollars in revenue. Perhaps when an app breaks into the top 1,000 chart for the first time, it should get a comprehensive manual review of all app functionality, pricing, and metadata. This would double down on Apple’s claims that the App Store is the best and safest way for users to discover and enjoy third-party software.

It would also help a lot if Apple overhauled the system UI that customers see when they sign up for subscription in-app purchases. This would require a one-time investment from Apple in redesigning the purchase flow, and it could prevent many more people from being misled into signing up for costly subscription plans without realizing it, cutting off the revenue streams that these scams feed on.

For instance, the App Store could send a push notification when it is going to bill the first renewal of an app’s subscription, giving the user a second chance to confirm that they actually want to commit to a recurring purchase of $x/week/month/year. My colleague Parker Ortolani mocked up some concepts of what this might look like earlier this year.