Entrepreneur Kosta Eleftheriou has made it his life’s mission to expose scammy iOS apps, and his latest discovery is a doozie. He found a game called Jungle Run — basically a 2D coin running game — that turns into a cryptocurrency-funded casino in Turkey.
The app is currently live on Apple’s App Store and claims to be a “fun running game.” When you install it, you see the app’s terms of service in what appears to be a website window inside the app. The terms, unusually, are stored on a Pastebin page that appears for a moment and then disappears.
Once you start up the app, you’re presented with a game that looks like it was made by a grade-schooler:
Normal users would delete this app instantly. But, there’s a surprise if you appear to be in Turkey based on your IP address.
Instead of showing you the monkey game, a web-based casino appears asking you to fund your online wallet with cash and various cryptocurrencies. Baffled by this, I decided to try it myself. I downloaded the game and tried it in the U.S. Up came the awful monkey game as expected. I then changed my location via VPN using Proton VPN, and voilà: up comes a roulette wheel and a request to go around Apple’s in-app purchase system and fund a sketchy casino wallet.
“Alternative App Stores that focus on security rather than revenue would do a much better job than Apple,” said Eleftheriou. “The iPhone already has enough system-level protections to make this work, and Apple needs to drop the security theatre that’s harming consumers every day.”
The app creator, Colin Malachi, was impossible to find online, but Eleftheriou said the scam has been running for months now. The app itself has no reviews and was last updated on January 23, 2021, presumably to add the janky terms of service screen.
Here is a video of the app running before setting the IP address to Turkey and after.
The app is still live as of this writing.
“As an icing on the cake, people in the reviews say that they deposited large sums for the promise of a bonus, but they never received the promised payouts. Surprising no one, the scammers aren’t even operating a fair casino,” said Eleftheriou.
We’ve requested comment from Apple, but it’s best to avoid this app, especially if you’re in Turkey.
But since the scammers are not using Apple’s IAP, and an online casino could just be a website, why are they even going through the App Store?— Kosta Eleftheriou (@keleftheriou) April 15, 2021
To take advantage of people’s misplaced trust due to Apple’s “Security! Privacy!” marketing.
In fact, this *is* just a web view! pic.twitter.com/LqKHpSOw74