Predatory iOS Cleanup Applications

5 days ago 20 min read

Like millions of Americans during Christmas I traveled to meet up with family members and enjoy the holidays. As one of the younger tech-enabled family members, I got to experience the immediate sadness of noticing my Grandma's phone had two apps installed that were charging her $7.99 weekly.

Now any mobile application that charges weekly must be doing something insanely beneficial, but in this case they were both cleanup apps to free storage on iOS devices.

These 2 applications were:

Their respective App Store pages as they existed in December 2024.

So imagine my horror when I found two weekly subscriptions that were active for the same style of application! I couldn't quite figure out how long they were being paid for, but I removed them and cancelled them as quick as possible.

💡

If you are trying to cancel subscriptions on iOS, such as predatory cleanup apps - head to the official Apple documentation for a guide.

I was then a bit upset that I was then looking at applications that were #7 and #14 in the top 15 of free utility applications. However, maybe I was blowing this out of proportion with how many features these applications offered. It looked like these apps both roughly did the following:

clean up space
detect duplicate photos
cleanup emails
compress videos
merge contacts
unique charging animations
private photos
custom widgets

Though I was still fueling with anger so I decided to investigate this further. I requested an iOS device from the office, configured my account, and downloaded both of these applications for an investigation and got to work.

I had an iPhone XR with an Apple account configured - with both applications downloaded and Charles Proxy configured to log all my network traffic.

I opened the first application "Cleanup" and was immediately asked if I would allow the application to track my activity across apps/websites to which I said no. This is commonly referred to ATT (App Tracking Transparency) which is something Apple has pushed heavily recently to allow consumers to opt out of tracking.

I guess that was bleak hope that would change anything as my Charles proxy emitted with a huge slosh of web requests that can be categorized as analytic/tracking/ads.

Adjust - https://analytics.adjust.com
Firebase - https://app-analytics-services.com
Cerebro? - https://gateway.cerebroapi.com
Admost - https://cdn-api.admost.com
Facebook - https://ep2.facebook.com
Unity Ads - https://httpkafka.unityads.unity3d.com

However, I pushed forward to test out the application and that didn't last long until I was forced into a subscription.

Journey of "Cleanup" -> Welcome -> Try Free -> Lifetime

For someone growing up with technology, I've never seen a more insulting setup of application for something that claimed it was free to try with "in app purchases". Let's go through the reasons:

Why do you need access to my photos BEFORE anything has happened?
A weekly payment of $8 is absolutely insane - that's $416/year for a solid amount of features your phone can already do.
A lifetime payment of $40 suggests most people won't stay subscribed more than 5 weeks.

Thankfully I found the little "x" in top right corner which dropped me into the application on the presumed "free plan". That of course didn't last long with ads shoved in my face as I tried to explore the features. Once I finally tried to delete a duplicate photo I was forced back to the subscription page.

Since I was now blocked and determined to push forward - I pulled out a credit card and got my Apple account setup to begin a free trial.

Just like that with a few button clicks I entered into an agreement to pay a company $8/week to explore an application for cleanup tasks.

App		Cleanup: Phone Storage Cleaner
Subscription		Cleanup Pro 1 Week
Content Provider		Codeway Dijital Hizmetler Anonim Sirketi
Date Accepted		Jan 2, 2025
Trial		Free for 1 week, starting Jan 2, 2025
Renewal Price		$7.99/week, starting Jan 9, 2025

There was zero chance I was going to share my email or contacts with this application so I couldn't do a thorough investigation, but I was still mind blown that this application was priced at $8/week.

As I clicked around every single touch/click event caused an API call to "gateway.cerebroapi.com" which as the name suggests from Cerebro of X-Men knows every single thing you do in this application.

Granted, so does Facebook, Firebase, Adjust and others but at least those platforms batch their API calls. This Cerebro one just hammers an API call for each action and emits completely unrelated data to their servers. For paying this company $8 a week - it seems extremely shady that all this information is harvested. Like what is the point of paying an absurd amount of money weekly when information is harvested like you don't pay? I could expect some of this if you were using it for free, but I was now a "pro" user.

These payloads are absolutely massive, which I dumped on GitHub for research. However, a few things looked a bit odd in the data obtained.

{
  "version": "4.19.1",
  "event_name": "photo_access_authorized",
  "user_id": "F3C57EC5-5DE9-4FB0-8349-7F51234F7342",
  "duration": 0,
  "session_id": "2283ae9898c65e8bc0107f947b050b176e52d9ebce701b66f8daba75a64198e4",
  "app_id": "com.codeway.cleanerplus",
  "adjust_event_id": "uwewn1",
  "result": "success",
  "type": "event",
  "properties": [
    {
      "value": {
        "int_value": 6
      },
      "key": "session_count"
    }
  ],
  "event_time": 1735857306044
}

The amount of photos I have (6)

Those picture counts are even broken down further to the applications that presumably created them.

{
  "type": "event",
  "result": "success",
  "version": "4.19.1",
  "user_id": "F3C57EC5-5DE9-4FB0-8349-7F51234F7342",
  "session_id": "2283ae9898c65e8bc0107f947b050b176e52d9ebce701b66f8daba75a64198e4",
  "properties": [
    {
      "value": {
        "int_value": 0
      },
      "key": "whatsapp_count"
    },
    {
      "key": "telegram_count",
      "value": {
        "int_value": 0
      }
    },
    {
      "key": "snapchat_count",
      "value": {
        "int_value": 0
      }
    },
    {
      "key": "messenger_count",
      "value": {
        "int_value": 0
      }
    },
    {
      "key": "wechat_count",
      "value": {
        "int_value": 0
      }
    },
    {
      "key": "session_count",
      "value": {
        "int_value": 6
      }
    }
  ],
  "duration": 0,
  "event_time": 1735857305652,
  "event_name": "chat_photos_count_by_type",
  "app_id": "com.codeway.cleanerplus"
}

photo counts by application?

Finally, I saw some ad tracking reward and eCPM measurements that made no sense as ads should have only been in play for the free users.

{
  "event_logs": [
    {
      "result": "success",
      "app_id": "com.codeway.cleanerplus",
      "type": "event",
      "event_name": "ad_loaded",
      "properties": [
        {
          "value": {
            "string_value": "739C36F4-A8D3-4C38-8E29-F009F774C298"
          },
          "key": "identifier"
        },
        {
          "key": "type",
          "value": {
            "string_value": "rewarded"
          }
        },
        {
          "key": "network",
          "value": {
            "string_value": "IRONSOURCE"
          }
        },
        {
          "key": "ecpm",
          "value": {
            "float_value": 5948
          }
        },
        {
          "value": {
            "int_value": 6
          },
          "key": "session_count"
        }
      ],
      "session_id": "2283ae9898c65e8bc0107f947b050b176e52d9ebce701b66f8daba75a64198e4",
      "event_group": "advertisement",
      "duration": 0,
      "user_id": "F3C57EC5-5DE9-4FB0-8349-7F51234F7342",
      "event_time": 1735857313512,
      "version": "4.19.1"
    }
  ]
}

live RTB (real time bidding) on ad placement

What did bug me though is I went back to the Apple page for this application and scrolled down to the privacy section.

Usage data not linked to me, but proven above...

It seemed misleading to say all this data was not linked to me, when I saw my user_id in all the payloads connecting this mentioned usage data to my user.

Thankfully though as I investigated further - none of my photos were getting sent anywhere. Just huge amounts of metadata about my device and my content with the 6+ analytic services installed to track my every movement in the application.

So now I had a solid amount of network traffic recorded to audit, so I pulled the .ipa file (via ipatool) to automate some of my research with MobSF. I maintain Apktool for the Android side, so I've become quite familiar with this great open source tool as it works for both iOS & Android.

Scrolling through this report I was surprised to see a domain (admost.com) that allowed insecure HTTP traffic. With a bit of research I saw it was a requirement to use this ad service. Which also seems quite shady as ad networks that aren't leveraging pure SSL smells like danger.

It felt incredibly dirty to see "Some ad content may access calendar" which explains why this application requested the calendar permission. They just copied the permission request nearly word for word from the ad installation guide of Admost. This is where my first rant against Apple begins. As an engineer who submits many applications to Apple in an agency model - it blows my mind how many rejections we get because our reason for why we need a certain permission is denied in completely legitimate use-cases.

So please tell me Apple - who rejects us for incomplete descriptions and challenges the permissions we request. How are these acceptable descriptions or permissions for an application that helps clean up clutter?

Calendar - "for ad content"? - Seriously?
Contacts - "We need an access to your contact list"
GPS - "We need an access to your location for app improvement" - you mean tracking/selling right?
Microphone - "We need an access to your mic" - why?

Come on Apple. I know from experience we'd be rejected 10 times over for descriptions like this and probably flat out denied if we requested permissions like above for what this application is.

Though if you are Apple - you are probably making a killing on these predatory pricing plans who prey on the elderly. It may have been this little ad below which explained in generic terms of a cleaning app which is free to try.

Which via adjust.com brought the lead directly to the App Store for downloading and enticing into a weekly subscription.

So at this point I had another application to rip apart, but I could personally summarize this Cleanup: Phone Storage Cleaner application as:

Priced in a predatory manner with ads that target the elderly across Facebook & YouTube.
Offers features that are already built into iOS at this point from merging duplicate contacts, merging duplicate photos, hiding photos and more.
Despite payment includes 6+ tracking/analytic platforms to learn as much about you as possible during usage.
Collects that information to build a user profile to sell ads to you in a RTB (Real-Time Bidding) manner.

Though let's not trust my word for it. Let's look at 3 random reviews.

Random 3 reviews from Cleanup: Phone Storage

So as I picked 3 reviews from the 9 I could see. I could break these down as:

Someone upset the application is $8/week.
A clearly LLM/AI generated 5 star review.
Someone wondering how this application was installed/charging for so long.

So if I didn't make it clear enough. There is exactly zero reason anyone should ever buy this application or use it. You can get nearly all the same functionality natively from iOS without getting all your usage and metadata sold away by the same company you are paying for that honor.

So before I went through the next application I started looking at the top 50 utility applications on the iOS store and I noticed there were quite a few applications that seemed to followed this exact behavior. By exact behavior I mean an application that is free to download, but immediately coerces you into a paid subscription and then harvests all your metadata for features you can arguably obtain in iOS natively for the purpose of cleaning up photos.

So I collected all those applications and put their IAP's next to them and got to work proving my claims.

iOS Cleanup apps with weekly IAPs in top 50.

Now it would be time consuming to do the same level of research on these remaining applications, so let's do a quick breakdown of all these cleanup apps and see how close my claims are to accurate.

Cleaner Guru: Cleaning App

Cleaner Guru which looks near identical to Cleanup

Onto the 2nd application I was immediately sad as this application looked near identical to the 1st I researched. While this application started with a similar weekly subscription (or yearly) - it offered a "lite" mode.

A "lite" mode that was $1 cheaper a week, but removed swipe cleaning, video compression, contact management and secret storage! I couldn't believe what I was seeing - sure get $1 off and we will take everything away from you except the absolute bare minimum while still being charged $6.99/week.

I thought I got clever and hit the little "x" in the top right during payment and I was dropped into the app without setting up a subscription. Silly me thinking that would work as the instant I tried to delete a photo or perform a process - it redirected me right back to the subscription setup screen.

I was less interested in doing another dance with credit cards, so it was straight to network logs and static analysis. For a change of pace I was happy to see the dangerous permissions were small and the reasoning reflected the true purpose for said permission.

2 dangerous permissions for Cleaner Guru

In terms of analytics this application was smaller than our previous with the following services:

Firebase
AppsFlyer
Amplitude

Which was reflected on the MobSF scorecard as a less risky application to your privacy.

MobSF scorecard for "*Cleaner Guru: Cleaning App*"

However, for how positive I was we are still discussing an application that most features can be found natively in iOS for free. So if you believe paying weekly for something that might still shoves ads in your face for the honor of deleting photos & merging contacts is worth the spend - go for it.

Let's take a look what 3 random reviewers say about this application in the meantime.

3 random reviews from "*Cleaner Guru: Cleaning App"*

Of course we have folks upset about the pricing and the confusion around the different types of weekly charges they get. We might have some less technical users misunderstanding the exact process on how you cancel a subscription, but don't worry the company believes "they do not trick users". Finally, we have an emoji review that smells like another AI generated blob of text boasting the 5 stars.

Photo Cleaner: Swipewipe

As I hit this application - it was the first one to be largely visually different than the rest. With a bit of research I found this application was acquired by MWM from AfternoonProducts for the purpose of:

That’s when a company O’Kane had never heard of before, MWM, reached out. The French firm pitched its new publishing platform where it worked with third-party studios to provide ad spend and monetization support.

I want to believe this application was built without this predatory pricing, then it was acquired and used to milk as much money from end users as possible until it fades away.

As I read a few of the 9 reviews I can see, 2 of them stood for different reasons.

In this case I was surprised to see a review from January 20, 2024 discussing the $4.99/week plan which is now 1 year later at $9.99/week. I know there has been some economic turmoil but increasing a weekly subscription by $5 within a year seems pretty insane to me. Would people actually pay more for an application to delete photos than they would for Netflix?

The other review is basically my opinion about these applications as well - worded just a bit more bluntly than this blog. Just a note - iOS developers cannot remove Apple Store reviews unless they report the review and it's up to Apple for that discretion.

Ignoring the reviews - this is the classic acquisition model at its finest - take a successful application made by a different party with a following. Cripple the application with monetization, data harvesting and ads. Once folks catch on and leave the application you've presumably made your investment and more back - just in time to let the application decay and acquire another.

I'll end this application with a little MobSF scorecard.

AI Cleaner: Clean Up Storage

I was now starting to understand how these applications worked. They dropped you on the subscription page, but you could always find a little "x" that brought you into the application for free. However, what you could do in this application like the others is bleak. With ads shoved in your face and most actions just redirecting back to payment - let's be honest here there is nothing free about these applications.

I did giggle a little though when I got an ad in my face. The ad looked like it could prey on those ill-informed, but it was an advertisement to a different cleaning app while in a cleaning app. I guess this is a wealthy industry of cleaning apps fighting over the users. Maybe that is why all these applications look roughly the same in terms of features? If my grandma or someone falls for this advertisement and installs yet another cleanup app - it'll act like the one they remember.

An ad in a cleaning app - advertising a different cleaning app!

Though as much as I giggled it was only an ad that popped up while exploring this application. It seems the business model is to trick a user into starting the subscription, then hoping they uninstall the application and forget about the subscription. Apple should really do a better job here on auto-cancelling subscriptions if folks delete the corresponding application. The reviews help paint the picture of the anger uses feel.

Reviews for "*AI Cleaner: Clean Up Storage*"

Which is just a user mad that this merging logic merged all their contacts into 1 person, while the other two are upset about hidden charges. Both probably unaware that simply removing the application from your home-screen (or uninstalling) does not end the subscription.

As I took a dive into the analytics (AppLovin, Facebook, Firebase) I once again saw Unity network requests. It was crazy to me how many of these cleanup applications were Unity based.

MobSF Scorecard for "*AI Cleaner: Clean Up Storage*"

Turbo Cleaner: Clean Storage

As I hit an application with "turbo" in the name I expected to see some magic, but I was quickly disappointed. Their subscription model was just so interesting to me as it started with the common 7 day free-trial followed by a $6.99/weekly price. However, if you want to skip the free trial just hand over $2.59/month and you are set!

Like these prices are incredibly different - pay weekly at $6.99 or pay monthly at $2.59. That is nearly a $20 difference in funds per month on the payment plans. So I found the little "x" and got myself loaded up into the application as a free user.

Home-screen as "free user" of *Turbo Cleaner: Clean Storage*

I felt like I was installing duplicate applications or at least applications that were identical in features. Its like all these companies got together and worked together to offer the exact functionality and subscriptions but a completely different themed interface. So I did a quick investigation on the respective companies of these applications:

GM UniverseApps Limited (Guru)
Codeway Dijital Hizmetler Anonim Sirketi (Cleanup)
MWM (Swipe)
BPMobile (CleanerKit)
JK REPAIR PTE. LTD. (Turbo)
娜石 (AI)
GRIMLAX TRADE, S.L. (AI)

Maybe a blog post in the future will dive into these companies and see if any connections exist, because with my free access to D.U.N.S numbers I cannot find any connection. I'm guessing much like Flappy Bird was cloned thousands of times from its success - once one application showed success the others cloned that idea.

I glanced the reviews and the stories were the same no matter which application I was looking at.

3 reviews from "*Turbo Cleaner: Clean Storage"*

The reviews here range from making no sense to complaints about the weekly price and folks once again unaware that you have to explicitly cancel a subscription - not just remove an application. It takes some guidance especially for the older generation or less tech savvy folks to teach navigating into iCloud Subscriptions and cancel the payment outside of the app you are trying to cancel.

MobSF Scorecard for "*Turbo Cleaner: Clean Storage*"

At least this application has a more respected privacy viewpoint than the others - they just urge you onto a payment plan at all costs.

Clean Up Storage - Cleaner Kit

Cleaner Kit offering a free trial or just straight to payment.

Now these applications are getting generic/confusing on their naming - this time after opening "Clean up Storage - Cleaner Kit" I was sad to see the entire focus was on whether you get a free trial or not. Regardless of the option you select you have to enter into a weekly contract - its just whether you are charged now or later. Thankfully like the other applications just look for the little "x" to try out the application with an incredibly limited experience.

This time I went straight for the reviews, but as you can expect at this point the story is the same.

3 reviews from "*Clean Up Storage - Cleaner Kit*"

This time we have two users both caught off guard from the free trial that became a weekly charge they forgot about. They are upset and letting the world know, but don't worry to offset the anger displayed in public we have another clearly AI/LLM generated 5 star review to balance it out.

I would think Apple should be on a endless mission to rid the App Store of clearly purchased AI generated 4-5 star reviews.

MobSF Scorecard for "*Clean Up Storage - Cleaner Kit*"

As I looked into MobSF and validated the analytic software in play I was less surprised to see Firebase, AppsFlyer and Amplitude in-use. Once again these applications were similar in functionality, software and even the platforms they were built from.

AI Cleaner: Storage Cleaner

I had to triple check I was using the right application during this one, as it had the same exact pricing as Turbo above. I guess that doesn't mean much when all these applications are matching each-other pricing leading the market in a scummy way to higher prices for basic functionality.

This time I went straight to the reviews, which was tough with this application as the reviews were so short I couldn't click into them.

9 reviews for "*AI Cleaner: Storage Cleaner*"

These reviews are such an interesting bag to discuss. First we start with the 5 star reviews that call out the interface, features and privacy in distinct different reviews. It almost sounds since the reviews came in on Oct 25, 26 and 31 of 2024 that someone purchased some AI/LLM 5 star reviews to boost this application that were spread out over a week.

We have 5-star reviews of people upset with the application unable to figure out how to cancel it. We have reviews that were probably auto-translated to English that make no sense at all.

So at this point I was exhausted and just opened up MobSF to review some stats.

MobSF Scorecard for "*AI Cleaner: Storage Cleaner*"

This application is a bit newer than the rest and hides among the competitors with hot terms like "AI" and "Cleaner". However just during this investigation this application fell all the way to #78 in the top free utility apps. It seems it's a brutal competitive business to scam folks into predatory subscriptions for features you can just get for free natively from an updated iOS phone.

As we close up this long post - it is clear all these applications are slightly different in how shady they are. While some applications force you into a payment plan then extract as much data they can from your device with a suspect list of permissions other applications stay a bit more truthful to their purpose.

Either way all applications listed above have found an attraction with weekly pricing and some dance with ads targeted to our elder population in hopes to lock them into pricing plan they forget about. Thus lining the pockets of companies who laugh all the way to the bank.

Source details of researched applications as well as the MobSF PDF reports below.

Cleanup Phone Storage Cleaner