Some apps available from the Google Play Store have been found to be fleecing users of their money. The Android app ecosystem is a varied one – and with such variety comes many ways in which bad actors can release dangerous apps. One of the newer types of apps are so-called fleecing apps giving way to the “fleeceware” name.
In September of last year, SophosLabs reported on a new issue affecting owners of Android devices. The issue surrounded the downloading of apps that came with a free trial period before automatically charging the user a subscription fee. Typically, those apps would either be cancelled by the user before the trial expired or uninstalled, with the uninstallation acting as a signal to the developers to end the subscription. However, these questionable apps don’t act how one would expect them to. Instead, they ignore the uninstall and continue to charge the user even though the app is gone.
In a new report, SophosLabs explains how a number of apps are continuing to charge people for an app long after they’ve stopped using it. In some cases the charges can seriously rack up. While the researchers had already brought attention to the issue (causing Google to remove those apps from the Play Store), the researchers have found many more apps doing exactly the same thing. The apps are also not resigned to one type, but instead cross much of the app ecosystem with entertainment, utility, messaging, video editing, and beauty apps scamming people. Adding to the frustration for users, many reviews found by the research team suggest that even when users become aware of the scam, there’s little they can do to actually recoup the money. In some cases, the losses are substantial. While the amount charged per app varied, some rose in price to €8.99 per week. That equates to €467.48 ($520) over the course of a year.
Yet Another “Ware” Android Users Need To Be Aware Of
While all devices and platforms are subject to threats, the laundry list of threats to Android users seems to keep growing. Just recently, a number of different Android apps were found exhibiting different but equally unwanted behavior. While these fleeceware apps continue to charge users, the previous batch of bad apps had a habit of waiting a period of time before hiding themselves away in the user's phone system. Once hidden, they would then begin spamming the user’s device with ads.
What’s concerning about these reports is that not only are they targeting users in different ways, but also how good they are becoming at circumventing Google’s security and app vetting process. Fleeceware apps also managed to avoid Google’s detection and ended up installed on countless devices. In fact, while the last group of bad apps were thought to have been downloaded more than 500,000 times, the researchers found these apps were downloaded almost 600 million times. Although, the researchers do expect that to be an exaggerated number and likely fueled by the developers employing methods to artificially boost downloads - another way apps look to disguise themselves as genuine and useful. To avoid instances like this affecting you, the researchers warn of being extra vigilant and skeptical when downloading apps that offer a free trial followed by a paid subscription. Especially apps from developers or brands you are unfamiliar with.
Source: SophosLabs