The Ongoing Saga of the Dark Side of the Mac App Store: New Scam Apps and Shady Tactics Used by Developers to Exploit Unsuspecting Users

Alex Kleber - a.k.a Privacy1St
6 min read · May 2, 2023

Welcome back to my ongoing investigation into the dark side of the Mac App Store. In my previous blog post, “The Dark Side of the Mac App Store: How Scam Apps and Shady Developers Are Preying on Users” I uncovered the disturbing truth about how scam apps and shady developers are exploiting unsuspecting users on the popular platform.

In that article, I discussed the tactics used by the managers behind the Katco company from Pakistan, who had created multiple Apple developer accounts (Pixelsbay and ParallelWorld) to spam multiple OpenAI applications.
They used shady techniques to boost their revenue and rank in the Mac App Store, including an abusive app-rating technique that forced users to rate their apps before using them.

Unfortunately, my investigation into the Mac App Store has uncovered even more disturbing practices being used by unscrupulous developers. In this continuation of my previous blog post, I will be delving deeper into the ongoing saga of the dark side of the Mac App Store, exposing that the Katco-orchestrated scam goes beyond any imagination.

More Katco-related developer accounts spamming the same OpenAI application

As I continued my investigation into the Katco company and its practices in the Mac App Store, I came across something unexpected. While reviewing screenshots from my previous blog post, I noticed that some employees’ names were mentioned in relation to the scamming tactics used by Katco.

Upon further research, I discovered that the developer accounts for Abid Ali, Ali Raza, and Muhammad Ali Raza were all related to the Katco company. These accounts were being used to publish multiple scam apps on the Mac App Store, in addition to the accounts previously identified in my earlier investigation.

The same icon style, the same category, and almost the same update notes, “Performance Enhancement” (this may be the first time I have seen this wording in an update release note).

Application Name: Chatbot Ai Powered by GPT-4
Application Link: https://apps.apple.com/app/chatbot-ai-powered-by-gpt-4/id6447077370
Identifier: com.chat.gpt.by.open.ai
TeamIdentifier: J3HZ2NWUYS
Developer Name: Ali Raza

Application Name: ChatBot Powered by GPT-4
Application Link: https://apps.apple.com/app/chatbot-powered-by-gpt-4/id6447588145
Identifier: com.app.chatbot.openai.chatgpt
TeamIdentifier: GWDH38BRC2
Developer Name: Muhammad Ali Raza

Application Name: AI Chat Bot | Powered By GPT-4
Application Link: https://apps.apple.com/app/ai-chat-bot-powered-by-gpt-4/id6445991020
Identifier: com.intelliapps.ai.chat.bot.macapp
TeamIdentifier: 6PT83D8KD3
Developer Name: Abid Ali
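The linkage described above (near-identical names and the same release-note wording across different developer accounts) can be checked mechanically. This is an added example, not code from the original post: app names, team identifiers and the quoted note wording come from the article, the two control listings are constructed, and the 0.5 name-similarity threshold is an assumption.

```python
import re
from itertools import combinations

# First three rows: values from the article, with the quoted note wording
# applied to all three as an assumption. Last two rows: constructed controls.
LISTINGS = [
    {"name": "Chatbot Ai Powered by GPT-4", "team": "J3HZ2NWUYS", "notes": "Performance Enhancement"},
    {"name": "ChatBot Powered by GPT-4", "team": "GWDH38BRC2", "notes": "Performance Enhancement"},
    {"name": "AI Chat Bot | Powered By GPT-4", "team": "6PT83D8KD3", "notes": "Performance Enhancement"},
    {"name": "Markdown Notes Pro", "team": "CONSTRUCT1", "notes": "Fixed sync crash on launch"},
    {"name": "Photo Resizer", "team": "CONSTRUCT2", "notes": "Performance Enhancement"},
]

def tokens(name):
    return set(re.findall(r"[a-z0-9]+", name.lower()))

def name_similarity(a, b):
    """Jaccard similarity of the lower-cased word sets of two app names."""
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0

def linked(x, y, threshold=0.5):
    """Different teams, same normalised release notes, near-identical names."""
    same_notes = x["notes"].strip().lower() == y["notes"].strip().lower()
    return (x["team"] != y["team"] and same_notes
            and name_similarity(x["name"], y["name"]) >= threshold)

def clusters(listings, threshold=0.5):
    """Union-find over team IDs; returns groups of two or more linked teams."""
    parent = {item["team"]: item["team"] for item in listings}
    def find(t):
        while parent[t] != t:
            parent[t] = parent[parent[t]]  # path compression
            t = parent[t]
        return t
    for x, y in combinations(listings, 2):
        if linked(x, y, threshold):
            parent[find(x["team"])] = find(y["team"])
    groups = {}
    for t in parent:
        groups.setdefault(find(t), set()).add(t)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    for group in clusters(LISTINGS):
        print("Review together:", ", ".join(group))
```

Generic release notes alone do not link two listings: the constructed "Photo Resizer" row shares the note wording but not the name, so it stays out of the cluster.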

Upon further investigation into the Katco company’s developer accounts, it became clear that the accounts for Ali Raza and Muhammad Ali Raza belonged to essentially the same person. The real name of the developer is Muhammad Ali Raza, who is currently employed as a software engineer at Katco. It is not uncommon in the scammers’ world to use multiple accounts to publish and spam multiple apps on the Mac App Store, but this practice can become more problematic when it is used to deceive users. Owning multiple developer accounts and spoofing the same apps is also strictly forbidden by the Apple Developer Agreement.

Just one month ago, the Katco company made a post on LinkedIn celebrating the work anniversary of Ali Raza.

In addition to the developer accounts previously identified, my investigation has revealed that the developer behind the account Abid Ali is also employed at Katco as a Developer IOS — Mac OS — Software Project Management. This is another clear indication of the close relationship between Katco and the multiple developer accounts being used to publish OpenAI-related scam apps on the Mac App Store. As I continue to uncover more about the company’s practices, it is becoming increasingly clear that they are engaging in deceptive practices to manipulate the platform and exploit unsuspecting users.

Same style of paywall and marketing technique used by the Katco-owned developer accounts Pixelsbay and ParallelWorld

My investigation into the Katco company and its developer accounts has uncovered yet another troubling discovery. I have found that the applications “Chatbot Ai Powered by GPT-4,” “ChatBot Powered by GPT-4,” and “AI Chat Bot | Powered By GPT-4” all use the same style of paywall without a close button.
This means that the end user must force quit the application if they do not wish to subscribe. These applications are using the same style of paywall as previously spotted in the Katco company’s other two developer accounts, Pixelsbay and ParallelWorld. Specifically, the paywall includes a small button at the bottom (usually not visible at large resolutions) that has the text “Continue to free”.

Chatbot Ai Powered by GPT-4, ChatBot Powered by GPT-4 and AI Chat Bot | Powered By GPT-4 paywalls

In addition to the similar style of the paywall, I have also discovered that the applications “Chatbot Ai Powered by GPT-4,” “ChatBot Powered by GPT-4,” and “AI Chat Bot | Powered By GPT-4” are using the same shady review technique that I had previously identified in the Pixelsbay and ParallelWorld developer accounts.
Specifically, the apps are requesting users to review them immediately after they have purchased them, likely in an attempt to boost their rankings and visibility in the App Store. This technique was also spotted in a recent Mashable investigation, which further corroborates my findings. It is deeply concerning that these practices are becoming more widespread in the App Store.

It is worth noting that this review technique is not being used to gather feedback and improve the applications, but rather to artificially boost their ranking in the Apple Mac App Store search results. By pressuring users to leave positive reviews immediately after purchase, these developers are able to quickly climb the ranks and gain more visibility in the store. This is a clear violation of Apple’s policies and undermines the integrity of the App Store ecosystem.

This kind of technique is strictly prohibited according to Apple’s App Review Guidelines and the SKStoreReview documentation (https://developer.apple.com/documentation/storekit/requesting_app_store_reviews):

“You can determine when and where your app displays the prompt to request a review. Think about the best places within your app to show a request for review, and what conditions are appropriate to delay it. Here are some best practices:

  • Try to make the request at a time that doesn’t interrupt what the user is trying to achieve in your app. For example, at the end of a sequence of events that the user successfully completes.
  • Avoid showing a request for a review immediately when a user launches your app, even if it isn’t the first time that it launches.
  • Avoid requesting a review as the result of a user action.”

Conclusion

Based on the evidence presented above, it is clear that the persons behind the Abid Ali, Ali Raza, and Muhammad Ali Raza developer accounts have strong connections to the Katco company, which owned the developer accounts Pixelsbay and ParallelWorld.

These accounts were previously banned from the Mac App Store for abusive behavior, and it is highly likely that the Katco managers used their employees’ details, either with or without their consent, to create more Apple Developer Accounts and spoof the same style OpenAI Chatbot applications.

These practices are deeply troubling and undermine the integrity of the App Store ecosystem. It is crucial that Apple take immediate steps to address these issues and protect users from falling victim to these scams in the future. I will continue to monitor this situation closely and report on any new developments that arise.
