If you thought that the iOS ecosystem was completely safe from scammy apps and malware, you would be wrong. Apple's App Store certainly has fewer incidents of scammy apps being offered for download than Google Play does, because Apple reviews apps before they can be offered on the App Store.
Apple is now dealing with scammy apps that made it through review and leveraged Touch ID to try to trick users into making payments they didn't want to authorize. Two apps were doing this, one called "Fitness Balance" and the other called "Calories Tracker." Both apps used the same tactic to steal money: they would claim that the user needed to place a finger on the Touch ID scanner for ten seconds to create a personalized diet and to perform other actions.
While the user has a finger placed on the Touch ID scanner, the app pops up a window requesting an in-app purchase, often for $99.99. Because the user's finger is already on the Touch ID fingerprint sensor, the request is approved almost immediately. The user doesn't have enough time to realize what the app is doing and stop the payment.
.@AppleSupport this app called Fitness Balance is trying to scam people out of $100+ dollars by tricking them into purchasing their in-app purchases. It is unacceptable this app managed to get on your App Store. pic.twitter.com/I68vwQoG86 — Jacques Fourie (@Jac4e) November 29, 2018
Apple hasn't shed any light on how these scam apps made it through the review process or what users can do to stop apps from using this sort of fingerprint scam in the future. One user, Jacques Fourie, tagged Apple Support in a tweet he made about the scam. Apple Support replied to that tweet stating it would be reported to the appropriate team for review. That tweet is as close to an official comment as Apple has given.