The Dark Side of the Mac App Store: How Scam Apps and Shady Developers Are Preying on Users

Alex Kleber - a.k.a Privacy1St
9 min readApr 22, 2023

--

In the last 30 days, I have been closely monitoring the Mac App Store and have made a disturbing discovery. In the midst of the OpenAI frenzy, several apps have surfaced that are copying the iconic OpenAI logo and color scheme in order to mislead unsuspecting MacOS App Store users. But that’s not all — I also found that some developers are abusing Apple’s Developer Agreements by spamming multiple accounts and flooding the store with nearly identical applications. This creates a “cartel” style environment and unfair competition for other developers. Some shady developers that I will present in this article are also resorting to abusive tactics such as requesting a review from users just after one minute of using the application, solely for the purpose of manipulating their ranking on the App Store. In this article, I will dive deeper into the issue of scam apps and shady developers that are plaguing the MacOS App Store.

OpenAI Scam apps

A simple search for keywords like “OpenAI” and “ChatGPT” on the MacOS App Store reveals the alarming truth about the prevalence of scam apps and shady developers. It’s not uncommon to come across several apps with identical or similar names and logos copies of OpenAI icons and colors, claiming to offer advanced AI-powered chatbots or language models. However, most of these apps are nothing but cheap imitations or outright scams that fail to deliver on their promises. These scams not only deceive users but also tarnish the reputation of legitimate developers and hinder the growth of the app ecosystem on the MacOS platform.

The above screenshots belong to two different developer accounts: Pixelsbay and Parallelword — both accounts are owned by the same people as I will detail more later in this article
For these two applications, the developers had simply copied the OpenAI icon without any changes misleading the MacOS Apple Appstore users

Despite being scams, these applications are generating significant revenue for their developers. By exploiting the popularity of AI-powered chatbots and language models, these scammers are raking in thousands of dollars from unsuspecting users who are willing to pay for what they believe to be a legitimate product. In fact, many of these scam apps are among the top downloaded applications on the MacOS App Store, thanks to their clever use of keywords and misleading marketing tactics. (as can be seen in the screenshots below)

This is a clear indication of how easily users can be duped into paying for a product that does not deliver on its promises. It’s high time for Apple to take a stricter stance against these scams and protect its users from falling victim to such deceptive practices.
Some of them were approved by the Apple App review team just 3 days ago and 1 day ago with a 1/1 copy of the OpenAI icon and colors

Applications links and identifiers:

Developer: ParallelWorld
TeamID: YTKT98H4MN
Identifier=com.pw.chatbotmac
Link: https://apps.apple.com/de/app/chat-bot-powered-by-gpt-4/id6446375901?mt=12

Developer: Pixelsbay
TeamID: HAVH7B94H6
Identifier=com.pb.chatgptmac
Link: https://apps.apple.com/de/app/chat-bot-ai-writing-assistant/id1665638231?mt=12

Developer: Abid Ali
TeamID: 6PT83D8KD3
Identifier=com.intelliapps.ai.chat.bot.macapp
Link: https://apps.apple.com/de/app/ai-chat-bot-writing-assistant/id6445991020

Developer: Ali Raza
TeamID: J3HZ2NWUYS
Identifier=com.chat.gpt.by.open.ai
Link: https://apps.apple.com/de/app/chatbot-ai-powered-by-gpt-4/id6447077370?mt=12

The same developers behind the Pixelsbay and ParallelWorld accounts

1. Both companies share the same address in Pakistan

2. Both applications share 99% of the same code with slight modifications

3. The scammy developers didn’t even bother to make a different paywall style for both apps. Both apps share the same paywall with slight differences and there is no close button. This behavior of not providing a close button on the paywalls is highly unethical and can be considered a scam. It puts the users in a frustrating situation where they are forced to either subscribe or forcibly quit the application to regain control of their device.

The paywall of both apps can’t be closed

Further investigation into some of the scam applications being developed by ParallelWorld and Pixelsbay reveals that these developers are likely the owners of a company called Katco based in Pakistan, owned by an individual named Hm Ali. This suggests that these scams may be part of a larger operation aimed at exploiting the popularity of AI-powered chatbots and language models and other popular applications from the MacOS App Store. It’s alarming to think that such sophisticated and well-coordinated scams can be perpetuated on the MacOS App Store with little to no oversight.

I found out about Katco clue while investigating an application called Switchy, listed in the MacOS App Store under the Pixelsbay developer account, and saw references about Katco and a person hmali (as is indicated in the username of the MacOS system)

Digging more into Katco I was not surprised to find out that the Katco company is sharing the same address as ParallelWorld and Pixelsbay.

4. In the applications: Chat Bot: Powered by GPT-4 and Chat Bot- AI Writing Assistant, Folder: Contents/Resources there are two files called LICENSE and README.md that are making reference to: hm ali <hmali.katco[@]gmail.com>

5. Moving forward in the Katco way I found that this person called HM Ali is the manager of the Katco company and the one who is instrumenting the whole scam operation.

The data above was provided with the help of the Data Lead website (https://data-lead.com/person/name/Hm+Ali/id/306730008/v/723fa)

Based on the evidence gathered from the investigation, it’s becoming increasingly clear that the developers behind ParallelWorld and Pixelsbay are likely the same people, and that the scams are being orchestrated by the owner of the Katco company, Hm Ali. These findings underscore the need for stricter regulations and monitoring of the MacOS App Store to prevent such scams from proliferating and causing harm to users and legitimate developers alike. It’s crucial for Apple to take swift and decisive action against such unscrupulous practices and to safeguard the integrity of its platform.

Abuse of the MacOS Appstore review system

Upon further investigation, it appears that the abusive tactics employed by ParallelWorld and Pixelsbay go beyond just misleading users with scam applications. The high number of reviews gathered by the Chat Bot application, listed under the ParallelWorld developer account, suggests that these developers are resorting to unethical means to solicit positive reviews from users. This kind of behavior is not only against the App Store guidelines but also detrimental to the interests of legitimate developers who rely on honest reviews to attract users. It’s clear that these developers are engaging in a range of shady practices that have no place on the MacOS App Store.

By looking into how many reviews this application gathered in the last 24 hours (thanks to the great analysis platform of Appfigures — www.appfigures.com) I went further into the investigation.

More than 175 reviews were received in the last 24 hours Worldwide with 63 total reviews received in the US Store. These reviews were possible by using a simple abusive technique: request the user to review your app immediately after the subscription to the application and every time the user asks a question to the OpenAI without allowing the user to test your application more time. As is normal, a feedback/review system is useful when the developer is asking a user to review his application after some time of usage, in order to get a good picture of his application and improve it. But this is not our case, the review system was used simply just to trick users to review the application, getting the reviews, and ranking fast in the MacOS Appstore.

This kind of technique is strictly prohibited according to Apple Appreview Guidelines and SKStoreReview Documentation (https://developer.apple.com/documentation/storekit/requesting_app_store_reviews):

“You can determine when and where your app displays the prompt to request a review. Think about the best places within your app to show a request for review, and what conditions are appropriate to delay it. Here are some best practices:

  • Try to make the request at a time that doesn’t interrupt what the user is trying to achieve in your app. For example, at the end of a sequence of events that the user successfully completes.
  • Avoid showing a request for a review immediately when a user launches your app, even if it isn’t the first time that it launches.
  • Avoid requesting a review as the result of a user action.”

Another 8 MacOS App Store developer accounts — 1 person behind

During my search for developers with multiple accounts, I came across an individual who was found to be using eight different developer accounts on the MacOS App Store. Upon further investigation, it was discovered that this individual was spamming the App Store with numerous duplicate apps.

This was done using a pattern that involved creating free Google websites and using the same pattern in his Gmail email address, which made it easy to identify the related accounts(see below). The sheer number of duplicate apps that this developer was releasing on the App Store was causing significant clutter and confusion for users, making it difficult for them to identify legitimate apps.

This behavior is a clear violation of the App Store’s guidelines, which require developers to submit original and useful apps that provide a high-quality user experience. The discovery of this developer highlights the need for greater vigilance in monitoring the App Store to prevent such spamming activities and maintain a high standard of quality for apps available to users.

App: https://apps.apple.com/de/app/sync-docs-for-google-drive/id1666471611?mt=12
Web: https://sites.google.com/view/kendra-gfile/support
Support email: Letremarkab43020@gmail.com

App: https://apps.apple.com/de/app/pdf-reader-for-adobe-pdf/id1661919289?mt=12
Web: https://sites.google.com/view/zq-pdf-editor/home
Support email: alexanderbiographerdz69212@gmail.com

App: https://apps.apple.com/de/app/expert-pdf-editor-for-adobe/id6443838622?mt=12
Web: https://sites.google.com/view/ll-pdf-editor/support
Support email: Janiett074590@gmail.com

App: https://apps.apple.com/de/app/docs-writer-doc-processor/id6444884789?mt=12
Web: https://sites.google.com/view/wordeditor/home
Support email: overnight.Cleveland34567439@gmail.com

App: https://apps.apple.com/de/app/pdf-reader-sign-for-adobe-pdf/id6443495616?mt=12
Web: https://sites.google.com/view/readpdfs/home
Support email: zwPatel205144@gmail.com

App: https://apps.apple.com/de/app/switcher-browser-open-link/id1671743556?mt=12
Web: https://sites.google.com/view/switch-browser/support
Support email: tania375189628@gmail.com

App: https://apps.apple.com/de/app/screen-recorder-record-it/id1661261167?mt=12
Web: https://sites.google.com/view/screenrecoding/support
Support email: debtol.14.64@gmail.com

App: https://apps.apple.com/de/app/share-docs-for-google-drive/id6443440733?mt=12
Web: https://www.grasshoppertechs.com
Support email: previously.Morgan55122822@gmail.com

App: https://apps.apple.com/de/app/share-docs-for-dropbox/id1643106264?mt=12
Web: https://www.grasshoppertechs.com
Support email: previously.Morgan55122822@gmail.com

In conclusion, the article highlights a clear violation of the Apple Developer Agreement by individuals who were found to be spamming multiple developer accounts on the MacOS App Store.

The individuals in question were found to be creating numerous duplicate apps, and developer accounts and using shady techniques to mislead users and abuse the rating system in order to rank higher than legitimate developers.

Such behavior creates an unfair and competitive environment for legitimate developers who follow the App Store guidelines, and it goes against the principles of fair competition that Apple strives to uphold.

By abusing the system, the individuals were creating confusion and clutter on the App Store, making it difficult for users to identify legitimate apps and eroding the trust that users have in the platform.

It is crucial that such violations are detected and addressed in a timely manner to ensure the integrity of the platform and the user experience. Apple has a responsibility to maintain a high standard of quality for apps on its platform and to ensure a level playing field for all developers.

Got any questions on this subject drop me a message at my Twitter account @privacyis1st

Unlisted

--

--