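Two malicious apps exposed on iOS trick users into making Touch ID payments
The two apps in question are "Fitness Balance" and "Calories Tracker". Both are fitness apps that offer the usual activity-tracking features. However, when you try to view your personal calorie or diet information while using them, a fraudulent screen appears in the app asking you to scan your Touch ID. If you are not alert enough, it will cost you 120 US dollars.
After the apps' misconduct was discovered, users naturally reported them to Apple. The related listings now appear to have been removed from the App Store, but Apple has not yet issued any statement on the matter. According to WeLiveSecurity, "Fitness Balance" originally had a rating as high as 4.3 stars, with at least 18 quite positive reviews; in hindsight, a good share of these were probably padded.
Under Apple's developer guidelines, the developers behind these two apps will no longer have the chance (at least not under their original identity) to publish their work on the App Store. What is hard to understand, though, is how such software got past the App Store review, which is known for its strictness, in the first place.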
Reddit users are exposing shady iOS fitness apps that use the Touch ID feature on iPhones and iPads to scam people out of cash. Both "Fitness Balance app" and "Calories Tracker app" were active on the App Store until recently, though Apple appears to have now removed them.
Like their genuine counterparts, they promised to calculate your BMI, track daily calorie intake, or remind you to drink more water. But they also used a cunning, but downright fraudulent, trick tied to the iOS Touch ID sensor. While asking to secure your personalized diet data by scanning your fingerprint, the apps would display a pop-up showing a payment of $119.99. With just seconds to act, the scam could easily see users inadvertently handing over money from their connected credit or debit cards.
It seems people reported the apps to Apple, which likely led to their removal, though Apple itself hasn't released an official statement on the takedowns. According to WeLiveSecurity, the "Fitness Balance app" had an average rating of 4.3 stars, and received at least 18 mostly positive reviews, which may well have been faked.
In its developer guidelines, Apple forbids apps that "prey on users or attempt to rip-off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app." Developers who break the rules risk being banned forever, warns the company.
Despite Apple's solid track record when it comes to App Store security, the odd shady app has slipped through the cracks. Late last year a fake port of the Xbox game Cuphead made the cut, before being removed. And back in 2012, a fake version of the Game Boy classic Pokemon Yellow also briefly appeared on the App Store.