The iPhone feature that lets families share apps is being used to scam people

Apple’s Family Sharing feature on iOS was introduced in 2014, enabling iPhone and iPad users to share photos, iCloud storage and iTunes media content with up to five family members. 

Unfortunately, it appears the family-friendly feature isn't as secure as one would expect, with reports of Chinese scammers hijacking Apple IDs via Family Sharing and using them to make purchases worth hundreds of dollars.

According to a reader email sent to Business Insider, one user was unable to download apps onto his device as his account was linked to Family Sharing, something he doesn’t remember setting up. The only way out was to remove himself from the sharing feature, which required the permission of a Chinese person whom he had no idea how to get in touch with.

While Apple support was able to get him out of the Family Sharing mess, it's since become apparent that the Business Insider reader wasn’t alone.

App Store shopping spree

A quick search online reveals that scamming unsuspecting iOS users has been going on for a while. Discussions on both Reddit and Apple Community date back to 2016, with people complaining of being added to a ‘family’ or having unfamiliar people added to their Family Sharing account.

According to one user, a scammer from Youku, China, was able to make app and iTunes purchases using a second account associated with his own — something he never did himself. Again, Apple was able to help him sort this out, meaning that the Cupertino company is fully aware of the problem. 

Whether there’ll be a proper fix for this is anyone’s guess, but there are ways you can protect yourself from similar scams.

Staying safe

Going through the forum threads, it’s clear that most people either used the same password across multiple accounts or didn’t have two-factor authentication turned on, making it rather easy for their Apple IDs to be hacked.

Firstly, it’s important to check if any of your online account details have been leaked. The Have I Been Pwned database has a complete list of known breaches; all you need do is enter your email address. 

Ensuring you have unique passwords for all your accounts will also help keep you safe in case of a data breach — if one username and password has been compromised, you’ll know that everything else is fine as they don’t share the same details.

However, the best way to keep your Apple ID secure is to enable two-factor authentication on your iPhone or iPad. This will prevent anyone using your username and password from gaining access to your account without a six-digit verification code that’s sent directly to your device.

Sharmishta Sarkar
Managing Editor (APAC)

Sharmishta is TechRadar's APAC Managing Editor and loves all things photography, something she discovered while chasing monkeys in the wilds of India (she studied to be a primatologist but has since left monkey business behind). While she's happiest with a camera in her hand, she's also an avid reader and has become a passionate proponent of ereaders, having appeared on Singaporean radio to talk about the convenience of these underrated devices. When she's not testing camera kits or the latest in e-paper tablets, she's discovering the joys and foibles of smart home gizmos. She's also the Australian Managing Editor of Digital Camera World and, if that wasn't enough, she contributes to T3 and Tom's Guide, while also working on two of Future's photography print magazines Down Under.