How did a ‘scammy’ $99 per week iPhone VPN become a top App Store earner?

A developer has earned up to $80,000 per month by charging a $99 per week for a VPN product on the App Store. 

Apple has come under fire for allowing the “Mobile protection :Clean & Security VPN” app to be sold on the US App Store and charging users exorbitant fees for seemingly unnecessary security services, such as iOS antivirus. 

The VPN app, from the seller “Ngan Vo Thi Thuy”, doesn’t appear to be malware, but is notable for the high cost of its subscription. The app has been a top earner on the App Store for nearly two months.

It also raised questions about Apple's app review process and how it vets its new App Store Search Ads product, which allows developers to buy ads that appear in search results to make them more easy to discover in Apple's crowded app store. 

Developer Johnny Lin drew attention to the app after noticing it had become a top earner despite it coming from a developer without a high reputation. Apple recently boasted the App Store had paid developers $70 billion since 2008

Lin and Apple watcher John Gruber are asking how Apple let this app past its review process and are demanding Apple reconsider its App Store advertising system.   

“I was one Touch ID away from a $400 A MONTH subscription to reroute all my internet traffic to a scammer,” Lin wrote in a Medium post on Friday. 

The pricey subscription offers a “Full Virus, Malware scanner”, which Lin notes is technically impossible since all third-party iOS apps are confined to their own app sandbox and hence can’t interrogate other installed apps.   

The VPN app offers to “auto scan duplicated contacts, merge or delete”, as well as a full scan which will “scan for dupplicate (sic) name , phone, email, no name, no phone , no email”. A premium to VPN subscription promises to "change your device IP”.

The app was published on the App Store on April 14, likely capitalizing on the recent US congressional vote to allow ISPs to sell their subscribers' browsing history and other data without gaining user consent. VPNs can help users protect user privacy by encrypting traffic, however users should be cautious as VPNs requires trusting the firm offering the service.  

Apple has removed the app from the US App Store, however it is still available in the Belize version of the App Store. One of the seller’s other apps, “goSMS - Funny Messenger” costs $99 per month.  

The VPN app has likely earned its developer tens of thousands to date. Mobile analytics firm Sensor Tower estimates the app has generated about $80,000 per month. As Lin notes, it’s been a top 10 grossing app on the US App Store from April 20 to June 7. To earn that amount the app would only need around 200 subscribers. Over a year the developer would earn $960,000, of which 30 percent would go to Apple.  

The app exposes several problems with the App Store currently. As Gruber notes, app's appearance on the App Store was offensive to legitimate developers who've been struggling with Apple’s review process.  

“Given how many legitimate developers are still having problems getting their apps approved due to seemingly capricious App Store reviewer decisions, it’s doubly outrageous that these apps have made their way onto the store in the first place. These are the exact sort of apps that the App Store review process should be primarily looking to block,” Gruber wrote on his Daring Fireball blog in response to Lin’s research.

“And there is no excuse for Apple not having flagged them after the fact, once they started generating significant revenue. It’s downright mind boggling that this horrendous “Mobile protection :Clean & Security VPN” app made it all the way into the top 10 without getting flagged,” he added.

The other problem is Apple’s relatively new app advertising system, App Store Search Ads, which Lin found several scam apps abusing. Apple introduced at last year’s WWDC as way to cut through the 2 million or so apps on the store.  

“They’re taking advantage of the fact that there’s no filtering or approval process for ads, and that ads look almost indistinguishable from real results, and some ads take up the entire search result’s first page,” wrote Lin. 

Gruber argued that Apple needs to reassess “the effects of allowing developers to buy their way to the top spot in search results”.   

CSO Online has asked Apple for comment and will update the story if it receives a response. 

Tags AppleIT Securityvpnantivirusapp storecyber security skills

Show Comments