
Hello,

I have detected what appears to be fraudulent activity.

In October, one of our apps (older, unmaintained) reported unusually high revenue (~4x).

I found the anomaly in Mixpanel: 49 in-app purchases were made from Tokyo between October 4 and 13.

Each of these users literally opened the app, started a 7-day free trial, and never returned. In every single case.

Strangely, most of these trials converted, resulting in ~4x the normal revenue.

My app did not experience any boost in ratings or rank (49 downloads wouldn’t really move the needle here). But it did see a steep rise in revenue. As far as I’m aware, this “IAP attack” hasn’t occurred in any other app we operate, nor is there any impact on private API/backend resources.

Question

What kind of attack is this? Should we report it to Apple or might that backfire into a suspension?

Would greatly appreciate any insight on this.

Hi @gas,

That’s strange - I’m not certain what sort of attack this could be, or if it is one. Have you seen any sort of refunds associated with these converted trials? Besides being located in Tokyo, are you seeing any other commonalities amongst the users?

I can guarantee that any purchases recognized by RevenueCat have been validated by the stores. I can also recommend taking advantage of Trusted Entitlements for added security: https://www.revenuecat.com/docs/customers/trusted-entitlements

Otherwise, hopefully another developer can chime in if they’ve seen something similar!


Hi @kaitlin,

Thanks for sharing some ideas.

I don’t see any spike in refunds—only seven reported events for all of October but this may include “real” users too.

There are some weaker commonalities:

  • ~70% are using iPhone 8,1; ~16% iPhone 9,1; ~14% iPhone 10,1
  • ~33% run iOS 15.8; ~25% run iOS 15.8.2; ~22% run iOS 15.8.3; ~14% iOS 16.7.8; ~6% iOS 15.7.3
  • They all bought the same annual plan with a 7-day trial.

Digging into the customer profiles, it looks like this group of users hits a billing error, and then switches to a discounted annual plan. However, most of them have converted into real money.

The only non-nefarious explanations I can think of:

  • A Tokyo-based company installed the app on employee devices via MDM and they haven’t started using it yet.
  • It’s for security research regarding in-app purchases.
  • A bug in the App Store made my app rank higher in Tokyo.

Anyway, I did end up reporting it to Apple as a “Fraud Concern” as a precaution. They wrote back saying they’re investigating it and will contact me if they need further information. I figured this makes the most sense because if it is fraud, I don’t want to seem complicit or negligent.

Maybe RevenueCat can conduct a high-level analysis to see if other apps are encountering this “infinite money glitch”.
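One way to surface a cohort like the one described in this thread (trial started, app never reopened, yet an unusually high conversion rate concentrated in one city) from a Mixpanel-style event export. This is an added example, not code from the thread or from RevenueCat; the event names app_open/trial_start/trial_converted, the sample rows and the flagging thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import date

def build_events():
    """Constructed rows shaped like a Mixpanel export: (user, city, day, event). Not real data."""
    ev = []
    for i in range(9):  # baseline city: users reopen the app after the trial and a third convert
        ev += [(f"b{i}", "Berlin", date(2024, 10, 3), "trial_start"),
               (f"b{i}", "Berlin", date(2024, 10, 6), "app_open")]
        if i % 3 == 0:
            ev.append((f"b{i}", "Berlin", date(2024, 10, 10), "trial_converted"))
    for i in range(8):  # suspicious city: start a trial, never reopen, yet nearly all convert
        ev.append((f"t{i}", "Tokyo", date(2024, 10, 5), "trial_start"))
        if i != 7:
            ev.append((f"t{i}", "Tokyo", date(2024, 10, 12), "trial_converted"))
    return ev

def city_stats(events):
    """Per city: trial count, conversion rate, share of trial users who never reopened the app."""
    rec = defaultdict(lambda: {"opens": [], "trial": None, "conv": False, "city": None})
    for user, city, day, name in events:
        r = rec[user]
        r["city"] = city
        if name == "app_open":
            r["opens"].append(day)
        elif name == "trial_start":
            r["trial"] = day
        elif name == "trial_converted":
            r["conv"] = True
    by_city = defaultdict(list)
    for r in rec.values():
        if r["trial"]:
            by_city[r["city"]].append(r)
    out = {}
    for city, users in by_city.items():
        n = len(users)
        # "never came back" = no app_open strictly after the trial_start day
        never_back = sum(not any(d > r["trial"] for d in r["opens"]) for r in users)
        out[city] = {"trials": n, "conv_rate": sum(r["conv"] for r in users) / n, "never_back": never_back / n}
    return out

def flag_cities(stats, min_trials=5, conv_x=2.0, never_back_min=0.8):
    """Flag a city whose trial users mostly never returned yet converted at conv_x times the
    trial-weighted conversion rate of all other cities combined. Thresholds are assumptions."""
    flagged = []
    for city, s in stats.items():
        others = [o for c, o in stats.items() if c != city]
        base = sum(o["conv_rate"] * o["trials"] for o in others) / max(1, sum(o["trials"] for o in others))
        if s["trials"] >= min_trials and s["never_back"] >= never_back_min and s["conv_rate"] >= conv_x * base:
            flagged.append(city)
    return flagged
```

Run against a real export, the flagged list is only a lead for a manual look at the cohort (and for the fraud report), since a legitimate MDM rollout can also produce a "never reopened" pattern.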
