A few scammy iOS applications have taken advantage of Apple's Touch ID platform by trying to trick users into making fake promises to use fingerprint scans for training data, according to ESET's blog WeLiveSecurity .  The two apps – called "Fitness Balance" and "Calories Tracker" – were discovered by various Reddit users during the past week, and both have similar tactics. As part of the so-called "training tracking", the apps prompt users to add fingerprints on the Touch ID scanner for 10 seconds to "create personal diet and other stuff." While a user's finger is placed on the pillow, the app displays a purchase purchase request for apps for $ 99.99. Since the user's finger is already on the Touch ID pad, the request can be approved almost immediately.
This hack works because Touch ID is such a seamless process. By trying to be as fast and discreet as possible, the phone begins to scan your finger already on the pillow as soon as the request for payment appears. The rate at which Touch ID work means means that when a user has processed what is happening, the payment is already approved.
There are legitimate technologies that can provide training information like this, like the Apple Watch Series 4's forthcoming ECG feature that has users, place your finger on a side button for to measure heart data. And while these features have nothing to do with fingerprint scanning, it's easy to see how some users made the mistake by thinking that an iPhone could do something similar.
Based on the same user interface, it seems likely that both apps were created by the same developer. Fortunately, both seem to have been removed from the App Store, and hopefully, Apple will keep an eye on this type of UI hacking in the future.