Hello,
I have detected what appears to be fraudulent activity.
In October, one of our apps (older, unmaintained) reported unusually high revenue (~4x).
I found the anomaly in Mixpanel: 49 in-app purchases where made from Tokyo between October 4 - 13th.
Each of these users literally opened the app, started a 7-day free trial, and never returned. In every single case.
Strangely, most of these trial converted, resulting ~4x the normal revenue.
My app did not experience any boost in ratings or rank (49 downloads wouldn’t really move the needle here). But it did see a steep rise in revenue. As far as I’m aware, this “IAP attack” hasn’t occurred in any other app we operate, nor is there any impact on private API/backend resources.
Question
What kind of attack is this? Should we report it to Apple or might that backfire into a suspension?
Would greatly appreciate any insight on this.