SophosLabs, a cybersecurity firm has discovered a range of apps on Google Play Store and Apple’s iOS App Store whose sole purpose is to charge huge subscriptions and other fees to clients for the features and services they could avail for free.
These apps though tricks the user they however neither steal your data nor do they run any malicious code hence fundamentally they are not malwares. Sophos calls them fleecewear, malicious apps hiding in sheep’s clothing.
“Because these apps exist in a categorical grey area that isn’t overtly malware, and isn’t a potentially unwanted app (PUA), we’ve coined the term fleeceware, because their defining characteristic is that they overcharge users for functionality that’s widely available in free or low-cost apps.” writes Sophos Labs.
They found 25 such Android apps on Google Play store in January and 30 apps on the iOS App Store that could be fleeceware.
“In our capitalistic society, you can look at fleeceware apps and say if somebody wants to waste $500 per year on a flashlight app that’s up to them,” says John Shier, Sophos senior security adviser. “But it’s just the exorbitant price that you’re being charged, and it’s not done aboveboard. That, to me, is not ethical.”
You have to be careful while paying for in-app purchases and especially subscription. These apps will offer a trial period but will demand payment the first time you open the app. Or they could ask high payment for simple basic features like photo filter for 9$ per week or 30$ per month.
Fleeceware apps exploit the marketing model of play store and App Store, finding loopholes to charge their skyrocketing prices. But Google is tightening the leash. It announced last week that developers will be required to make details of subscriptions, free trials, and introductory offers more precise and clear by June 16.
“Part of improving the subscription user experience comes from fostering a trustworthy platform for subscribers; making sure they feel fully informed when they purchase in-app subscriptions,” Angela Ying, Google product manager wrote in a blog.
How to avoid fleeceware?
Through some simple steps you can avoid falling into the traps set by this fleeceware:
- Install apps developed by prominent developers. Big companies and their apps offer features like emojis, selfie filters, and QR code scanners for free.
- If you found something exclusive that the app is providing, it’s better to compare prices by doing a quick search.
- If you think, you’re subscriptions are getting a bit out of hand and want to check which apps you have subscribed to and the ones you’d like to cancel – Play Store and iOS App Store both offer the option where you can see all your subscriptions.
“On iOS, open Settings, tap your name, and then Subscriptions to view and manage everything. Or you can open the App Store, insert your initials in the upper right corner, and tap Subscriptions.
On Android, open the Play Store, tap the hamburger menu icon in the upper right, and choose Subscriptions to view and manage your signups.”