Mac App Store Ransomware (mjtsai.com)
138 points by bangonkeyboard on April 15, 2022 | 26 comments



Considering how stringent their review process is wrt ensuring app behavior doesn't impinge on their own interests, perhaps it is time to hold Apple liable for nevertheless permitting behavior which harms the end user.


Downloaded a free version iPhone app.

Immediately did setup prompt.

Several setup prompts later, it wants to charge me.

No way out. No Cancel button. Its OS prompt blocked me from “swipe-up”, “hold on an app tile”, “swipe up” to kill.

Only a force power cycle (via long hold press side buttons on each side) can get me out.

Grrrr.

If that isn’t a form of ransomware, I don’t know what to call that.


Multiple ways to quit a belligerent app in MacOS.

Force Quit (Cmd-Opt-Escape)

Activity Monitor: find the app, identify linked files. Delete the app and all linked files.

Browser extensions were notorious for hijacking browsers back in the day. They’d also throw up modal dialog with no clear way to remove them. But if any App Store developer did this Apple should consider them user hostile and cancel their account. There is no reason to create a dark pattern this evil.


How do you identify linked files?


Hazel is good at finding files related to a deleted application and offering to remove them.


I use AppCleaner & usually it gives a prompt to move linked files after an application has been deleted. The orphaned files option needs to be enabled in settings.
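The question above ("How do you identify linked files?") can be answered without a third-party tool for the common case: a sandboxed Mac App Store app keeps almost everything under `~/Library/Containers/<bundle id>`, and non-sandboxed apps use a handful of conventional `~/Library` locations keyed by the same identifier. The script below is an added example, not code from the thread, from AppCleaner or from Hazel; it takes a bundle identifier (on macOS, readable with `defaults read /Applications/Example.app/Contents/Info CFBundleIdentifier`) and an optional home directory, and prints the conventional paths that exist. The list of locations is an assumption based on macOS conventions, not exhaustive; `LaunchAgents` is included because that is where an app would register itself to relaunch at login, which is worth checking before deleting the bundle.

```shell
#!/bin/sh
# Added example: list per-user files macOS apps conventionally leave behind
# for a given bundle identifier. Not the code of AppCleaner or Hazel.
#
# Usage: linked_files <bundle-id> [home-dir]
#   home-dir defaults to $HOME; passing it explicitly lets the function be
#   exercised against a constructed directory tree.
linked_files() {
    bundle_id="$1"
    home="${2:-$HOME}"
    lib="$home/Library"

    # Candidate locations, by convention (assumption: not a complete list).
    # A sandboxed app stores nearly everything under Containers/<bundle-id>;
    # Group Containers is shared between an app and its extensions.
    for p in \
        "$lib/Containers/$bundle_id" \
        "$lib/Group Containers/$bundle_id" \
        "$lib/Application Support/$bundle_id" \
        "$lib/Preferences/$bundle_id.plist" \
        "$lib/Caches/$bundle_id" \
        "$lib/Saved Application State/$bundle_id.savedState" \
        "$lib/HTTPStorages/$bundle_id" \
        "$lib/WebKit/$bundle_id" \
        "$lib/Cookies/$bundle_id.binarycookies" \
        "$lib/LaunchAgents/$bundle_id.plist"
    do
        # Print only what actually exists on disk.
        [ -e "$p" ] && printf '%s\n' "$p"
    done
    return 0
}

# When run directly with an argument, report for that bundle id in $HOME,
# e.g.:  sh linked_files.sh com.example.someapp
if [ -n "${1:-}" ]; then
    linked_files "$1"
fi
```

Review the printed list before removing anything: the `Saved Application State` entry is what makes a force-quit app reopen its windows at next launch, so clearing it is also the fix when an app keeps restoring a modal dialog.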


I would hope that the only way such an app gets through Apple's review process is by cheating (e.g. detecting that it is being reviewed and behaving differently).

I would also hope that once Apple realizes this, the developer is banned right away – which does not seem to be the case (yet). While the app in question is not available in the App Store anymore, the developer's other apps employing the same scheme still are.


>The developer has grossed almost a million dollars on the App Store

I would think that sort of threshold should trigger a manual review.


Apple says they have to have these high fees to verify app quality …and then they don't.

Apple's fees from million-dollar apps would pay for a full-time concierge dedicated to watching just that single app.


Apple will only ban a developer when they think that not banning them will cost them more revenue than banning them.


Is this data speaking, or your personal biases speaking? Because if the first, I'd love to look at said data.


As someone who prefers the iOS and macOS platforms, the biggest areas where I wish for strong regulatory actions are on the app store restrictions (no side loading and large cuts from the price) and the right to repair fronts. Apple repeatedly claims that Android and Windows are (comparatively) insecure and cites malware statistics, but I’m not seeing Apple really spending money to get capable people at all levels to manage the app stores on these platforms. There have been plenty of reports on developers making millions by gouging users with useless apps.

This instance of ransomware on the Mac App Store is mind boggling. I thought the apps listed on the Mac App Store are heavily sandboxed and that they couldn’t get more permissions without somehow making the user change settings in System Preferences (and even that wouldn’t be the same as installing a binary downloaded from the web). How does an app get through reviews and technical restrictions?

When it comes to the app stores, Apple’s negligence over the years while making more than 70% margins on services (which is where app store revenue is counted, AFAIK) is appalling. I’ve avoided spending money on these app stores, and prefer buying from reputed developers for macOS apps. Unfortunately, that’s not possible for iOS.


> How does an app get through reviews and technical restrictions?

The suggestion is that the bad behaviour is deliberately hidden from Apple's reviewers, e.g. by introducing a time flag ("don't show this until 1 February 2022"), geoblocking ("don't show this to users with an IP address in the US"), etc.


macOS will try to gracefully quit the running apps before shutting down. So if an app doesn't quit, it shows a message. The user could just force quit it from the Apple menu, but I guess not everyone knows how to do it. So the app doesn't really do anything outside the sandbox.


I agree. This is shady behaviour but everyone knows what ransomware is and this is not it. I guess the headline 'Mac app store app attempts extortion, poorly' wouldn't have generated as many clicks.


Reading the story, to call this "ransomware" is a bit of a stretch. Reminds me a bit of those spam websites that would tell you that you had a virus on your machine, and prevent you from navigating away using Javascript.

The biggest "scam" I see on the app store is the lack of guardrails for subscription apps. Even the most basic apps now want you to "subscribe" to their app for $X/mo. There are the obvious scams out there (Icon pack that charges $99/week subscription) but my real gripe is most apps now, even those that are seemingly offline and don't have ongoing costs for a developer, also have a subscription. Like sorry dude, I'm not paying you $2.99/month to use an OFFLINE notes app.


An app of any size could need:

- web hosting

- $99/year fee (also to Apple)

- having to spend time re-fixing things you already did, that broke because Apple likes to update its APIs or release new devices with unexpected new requirements

- eventually buying entirely new hardware when Apple obsoletes something (and eventually, they threaten to deny app updates or kick you out of the store if, heaven forbid, you can’t update your screenshots to match the latest devices or whatever)

- additional hardware to test sufficiently to know you have released something that is stable for more people than just the developer

- and, uh, frankly, a continuous need to eat and be sheltered and pay bills if this is actually your job

In fact, almost any cost I can think of is in some way a continuous thing.

What’s actually broken are the notions that:

- somehow software should be cheap (it is not cheap to make)

- somehow paying an outrageously small one-time fee means infinite updates and no real costs after that (see above)


> and don't have ongoing costs for a developer

Which app doesn’t have ongoing development costs?

Do you accept that your one-time fee offline app will stop working one day out of the blue with the beautiful message "the developer needs to update this app", because Apple deprecated an API used by the app?


App stores are always about rent seeking, and do not deliver safety or security - merely put you at greater risk by having you assume they do.


[flagged]


It takes control of the machine to get payment. What other criteria were there?


It doesn’t hijack your data


In my understanding, that is a criterion for cryptolockers, which are a proper subset of ransomware.


Nope... just your computer. Still ransomware.


While the most predominant ransomware are cryptolockers, that doesn't mean that ransomware has to be one to qualify for that label.

Surely you'd agree that this behavior (disabling exit until payment) is malicious in this context...


Malicious for sure. Ahhh, the good old times when the App Store actually was checking your apps, and rejecting them when they crashed or when they didn't agree with some UI decisions.


I think it is.



