Google today announced that Chrome will soon get a new feature that aims to stop mobile subscription scams. Those are the kind of sites that ask you for your phone number and that then, unbeknownst to you, sign you up for a mobile subscription that’s billed through your carrier. Starting with the launch of Chrome 71 in December, Google will pop up a prominent warning when a site doesn’t make it clear that users are signing up for a mobile subscription.
To make sure that developers who are legitimately using this flow to offer users subscriptions don’t get caught up in this new system, Google also published a set of best practices for mobile billing today. Generally, developers are expected to make their billing information visible and obvious to users, display the actual cost and have a simple and straightforward fee structure.
If that information is not available, Google will throw up a prominent full-page warning, but users can always opt to proceed. Before throwing up the warning page, Google will notify webmasters in the Search Console when it detects a potential scam (there’s always a chance for false positives, after all).
This new feature will be available on both mobile and desktop, as well as in Android’s WebView.
Subscriptions have turned into a booming business for app developers, accounting for $10.6 billion in consumer spend on the App Store in 2017, and poised to grow to $75.7 billion by 2022. But alongside this healthy growth, a number of scammers are now taking advantage of subscriptions in order to trick users into signing up for expensive and recurring plans. They do this by intentionally confusing users with their app’s design and flow, by making promises of “free trials” that convert after only a matter of days, and other misleading tactics.
Apple will soon have an influx of consumer complaints on its hands if it doesn’t rein in these scammers more quickly.
However, the company’s focus as of late has been more so on getting developers to give subscriptions a try — even holding “secret” meetings where it evangelizes the business model that’s earning developers (and therefore Apple itself) a lot of money. In the meantime, a good handful of apps from bad actors have been allowed to flourish.
Utilities Top Grossing Apps are worst offenders
Today, the majority of the Top Grossing apps on Apple’s App Store are streaming services, dating sites, entertainment apps or games. But when you get past the market leaders — apps like Fortnite, Netflix, Pandora, Tinder, Hulu, etc. — and down into the top hundreds on the Top Grossing chart, another type of app appears: Utilities.
How are apps like QR code readers, document scanners, translators and weather apps raking in so much money? Especially when some of their utilitarian functions can be found elsewhere for much less, or even for free?
This raises the question as to whether some app developers are trying to scam App Store users by way of subscriptions.
We’ve found that does appear to be true, in many cases.
After reading through the critical reviews across the top money-making utilities, you’ll find customers complaining that the apps are too aggressive in pushing subscriptions (e.g. via constant prompts), offer little functionality without upgrading, provide no transparency around how free trials work and make it difficult to stop subscription payments, among other things.
Here are a few examples. This is by no means a comprehensive list, but rather a representative one, just to illustrate the problem. A recent Forbes article listed many more, if you’re curious.
Scanner App – This No. 69 Top Grossing app is raking in a whopping $14.3 million per year for its document scanning utility, according to Sensor Tower data. It has an unbelievable number of customer reviews, as well — nearly 340,000 as of today, and a rating of 4.7 stars out of 5. That will lead most customers to believe this is a good and trustworthy app. But when you parse through the critical reviews, you’ll see some valid complaints.
Tap around in the app and you’ll be constantly prompted to subscribe to a subscription ranging from $3.99 a week to $4.99 per month, or start a free trial. But the subscription following the free trial kicks in after only 3 days — something that’s detailed in the fine print, but often missed. Consumers clearly don’t understand what they’re agreeing to, based on their complaints. And many of the negative reviews indicate customers feel they got duped into paying.
QR Code Reader — Forbes recently found that TinyLab’s QR Code Reader was tricking users into a ridiculously priced $156 per year subscription. This has now earned the app the rank of No. 220 Top Grossing across the App Store, and annual revenue of $5.3 million.
Again, this “free” app immediately starts pushing you to upgrade by starting a “free trial.” And again, this trial converts to a subscription after only 3 days. Can you imagine paying $156 per year for QR code scanning — something the iPhone camera app now does natively?
Weather Alarms – With a 4-star rating after hundreds of reviews, this weather alerting app seems to be handy. But in reality, it’s been using a “dark pattern” to trick users into pushing a button that will start a free trial or sign them up for a subscription. And it’s working — to the tune of over a million in annual revenue.
A full screen ad appears in the app, offering two buttons — try for free or pay. The small “X” to close the ad doesn’t even immediately appear! Users then end up paying some $20/month for weather alerts. That seems… excessive.
Legitimate developers have complained about this app for months, but Apple even featured it on its big screen at WWDC. (Watch the video embedded below. It’s incredible.)
This dark pattern is the best (stolen from full screen ads). The (x) close button animates in after a few seconds so that people don’t see they have a way to get off the page. Watch the upper left of the subscription page: pic.twitter.com/DaRJPvdu5Q
*After speaking to Apple about this app, Weather Alarms was removed from the App Store over the weekend.
Translate Assistant – The same developer behind Weather Alarms offers this real-time translation app promising instant translations across more than 100 languages and has 4.7 stars after nearly 4,000 ratings.
But the app is also super aggressive about pushing its subscriptions. With every app launch, a splash screen appears with three different boxes — 1 month ($12.99/mo), 12 months ($44.99/year) or the “free trial,” which converts users to a pricey $7.99/week plan after only 3 days.
Meanwhile, the option to “continue with a limited version” is in small, gray text that’s intentionally been designed to be hard to see.
The app is making $1.3 million a year, per Sensor Tower data.
As you can tell, the issue with many of these scammy apps is that they capitalize on people not reading the fine print, or they allow an app’s design to guide them to the right button to tap. Trickery like this isn’t anything new — it’s been around on the web as long as software has been sold. It’s just that, now, subscriptions are the hip way to scam.
These developers also know that most people — especially if they’ve just downloaded a new app — aren’t going to immediately subscribe. So they push people to their “free trial” instead. But that “free trial” is actually just an agreement to buy a subscription unless you visit the iTunes Settings and cancel it right away.
Many of these “free trials” convert almost immediately, too, which is another way developers are cashing in. They don’t give you time to think about it before they start charging.
“It’s incredibly frustrating how little has been done to thwart these scams,” says Contrast founder and longtime developer David Barnard, whose apps include Weather Atlas and Launch Center Pro. “It erodes trust in the App Store, which ultimately hurts Apple and conscientious developers who use subscriptions,” he says.
Apple also buries Subscription management
The issue of scam apps may not always be the failure of App Store review. It’s possible that the scammy apps sneak in their tricks after Apple’s App Review team approves them, making them harder to catch.
But for the time being, users have to take it upon themselves to cancel these sneaky subscriptions.
Unfortunately, Apple isn’t making it as easy for users to get to their subscriptions as it could be.
Compare Apple’s design with Google Play, where the option to manage Subscriptions is in the top-level navigation:
On the iPhone, it takes several more taps and a bit of scrolling to get to the same area in iOS Settings:
Above: Getting to subscriptions in the iPhone Settings
“The App Store has always been a great place, overseen and curated by highly intelligent and ethical people. I believe the App Store can stay as it always has been, if the right measures are taken to deal with those developers who trick the system,” Zhadanov adds.
Today, most subscription-based businesses thriving on the App Store come from legitimate developers. But they know how scammers could easily ruin the market for everyone involved. If allowed to continue, these scams could lead to consumer distrust in subscriptions in general.
In a worst-case scenario, consumers may even go so far as to avoid downloading apps where subscriptions are offered as in-app purchases in order to protect themselves from scams.
For now, Apple is largely relying on user and developer reports via reportaproblem.apple.com — a site most probably don’t know exists — to help them fight scammers. It needs to do more.
In addition to making access to your subscriptions easier, it also needs to better police “Top Grossing” utilities and productivity apps — especially if the service’s value is questionable, and the 1-star reviews are specifically calling out concerns like “sneaky billing” or mention other subscription tricks.
Apple declined to comment on the matter, but its Developer Guidelines clearly prohibit fraudulent behavior related to subscriptions, and insist that apps are clear about pricing. In other words, Apple has grounds to clear out these scammy subscription apps, if it chose to focus on this problem more closely in the future.
In an interesting twist, Facebook is being sued in the UK for defamation by consumer advice personality, Martin Lewis, who says his face and name have been repeatedly used on fake adverts distributed on the social media giant’s platform.
Lewis, who founded the popular MoneySavingExpert.com tips website, says Facebook has failed to stop the fake ads despite repeat complaints and action on his part, thereby — he contends — tarnishing his reputation and causing victims to be lured into costly scams.
“It is consistent, it is repeated. Other companies such as Outbrain who have run these adverts have taken them down. What is particularly pernicious about Facebook is that it says the onus is on me, so I have spent time and effort and stress repeatedly to have them taken down,” Lewis told The Guardian.
“It is facilitating scams on a constant basis in a morally repugnant way. If Mark Zuckerberg wants to be the champion of moral causes, then he needs to stop its company doing this.”
In a blog post Lewis also argues it should not be difficult for Facebook — “a leader in face and text recognition” — to prevent scammers from misappropriating his image.
“I don’t do adverts. I’ve told Facebook that. Any ad with my picture or name in is without my permission. I’ve asked it not to publish them, or at least to check their legitimacy with me before publishing. This shouldn’t be difficult,” he writes. “Yet it simply continues to repeatedly publish these adverts and then relies on me to report them, once the damage has been done.”
“Enough is enough. I’ve been fighting for over a year to stop Facebook letting scammers use my name and face to rip off vulnerable people – yet it continues. I feel sick each time I hear of another victim being conned because of trust they wrongly thought they were placing in me. One lady had over £100,000 taken from her,” he adds.
Some of the fake ads appear to be related to cryptocurrency scams — linking through to fake news articles promising “revolutionary Bitcoin home-based opportunity”.
So the scammers look to be using the same playbook as the Macedonian teens who, in 2016, concocted fake news stories about US politics to generate a mint in ad clicks — also relying on Facebook’s platform to distribute their fakes and scale the scam.
In January Facebook revised its ads policy to specifically ban cryptocurrency, binary options and initial coin offerings. But as Lewis’ samples show, the scammers are circumventing this prohibition with ease — using Lewis’ image to drive unwitting clicks to a secondary offsite layer of fake news articles that directly push people towards crypto scams.
It would appear that Facebook does nothing to verify the sites to which ads on its platform are directing its users, just as it does not appear to proactively police whether ad creative is legal — at least unless nudity is involved.
Here’s one sample fake ad that Lewis highlights:
And here’s the fake news article it links to — touting a “revolutionary” Bitcoin opportunity, in a news article style mocked up to look like the Daily Mirror newspaper…
The lawsuit is a personal action by Lewis who is seeking exemplary damages in the high court. He says he’s not looking to profit himself — saying he would donate any winnings to charities that aim to combat fraud. Rather he says he’s taking the action in the hopes the publicity will spotlight the problem and force Facebook to stamp out fake ads.
In a statement, Mark Lewis of the law firm Seddons, which Lewis has engaged for the action, said: “Facebook is not above the law – it cannot hide outside the UK and think that it is untouchable. Exemplary damages are being sought. This means we will ask the court to ensure they are substantial enough that Facebook can’t simply see paying out damages as just the ‘cost of business’ and carry on regardless. It needs to be shown that the price of causing misery is very high.”
In a response statement to the suit, a Facebook spokesperson told us: “We do not allow adverts which are misleading or false on Facebook and have explained to Martin Lewis that he should report any adverts that infringe his rights and they will be removed. We are in direct contact with his team, offering to help and promptly investigating their requests, and only last week confirmed that several adverts and accounts that violated our Advertising Policies had been taken down.”
Facebook’s ad guidelines do indeed prohibit ads that contain “deceptive, false, or misleading content, including deceptive claims, offers, or business practices” — and, as noted above, they also specifically prohibit cryptocurrency-related ads.
But, as is increasingly evident where big tech platforms are concerned, meaningful enforcement of existing policies is what’s sorely lacking.
The social behemoth claims to have invested significant resources in its ad review program — which includes both automated and manual review of ads. Though it also relies on users reporting problem content, thereby shifting the burden of actively policing content its systems are algorithmically distributing and monetizing (at massive scale) onto individual users (who are, by the by, not being paid for all this content review labor… hmmm… ).
In Lewis’ case the burden is clearly also highly personal, given the fake ads are not just dodgy content but are directly misappropriating his image and name in an attempt to sell a scam.
“On a personal note, as well as the huge amount of time, stress and effort it takes to continually combat these scams, this whole episode has been extremely depressing – to see my reputation besmirched by such a big company, out of an unending greed to keep raking in its ad cash,” he also writes.
The sheer scale of Facebook’s platform — which now has more than 2BN active users globally — contrasts awkwardly with the far smaller number of people the company employs for content moderation tasks.
And unsurprisingly, given that huge discrepancy, Facebook has been facing increasing pressure over various types of problem content in recent years — from Kremlin propaganda to hate speech in Myanmar.
Last year it told US lawmakers it would be increasing the number of staff working on safety and security issues from 10,000 to 20,000 by the end of this year. Which is still a tiny drop in the ocean of content distributed daily on its platform. We’ve asked how many people work in Facebook’s ad review team specifically and will update this post with any response.
Given the sheer scale of content continuously generated by a 2BN+ user-base, combined with a platform structure that typically allows for instant uploads, a truly robust enforcement of Facebook’s own policies is going to require legislative intervention.
And, in the meanwhile, Facebook operating a policy that’s essentially unenforceable risks looking intentional — given how much profit the company continues to generate by being able to claim it’s just a platform, rather than be ruled like a publisher.