Nearly a year on from its first report on ‘fleeceware’ apps that lure customers into paying exorbitant subscription fees, Sophos researchers have released their latest update, “Truth-in-advertising policy fails to curb fleeceware”.
The first report described a collection of Android apps on Google’s Play Market whose sole purpose appears to be to severely overcharge users for very simple functionality that is available in low-cost or free apps.
According to SophosLabs, “The apps themselves do not appear to be malicious or contain malicious code; some of these apps may even have useful (if redundant) functionality. However, it’s hard to imagine that anyone who is charged hundreds of dollars for a simple barcode reader or photo filter would consider such an expense ‘potentially unwanted’ – nobody wants that.”
“Because these apps exist in a categorical grey area that isn’t overtly malware, and isn’t a potentially unwanted app (PUA), we’ve coined the term fleeceware, because their defining characteristic is that they overcharge users for functionality that’s widely available in free or low-cost apps,” SophosLabs elucidated further.
However, in the latest report, Sophos researchers highlight how devious developers are adapting their apps to appear compliant with Google’s new policies for the Play Store, which were designed to prevent customers from getting ripped off.
This new research also reveals:
- How fleeceware creators are now using misleading language to appear compliant, but are still attempting to dupe unwary users into subscribing for extortionate amounts of money, with some simple wallpaper apps charging close to US$92 a week!
- How developers are luring users into a “rabbit hole”, getting them to explore the app beyond the launch page, then bombarding them with pricey and intimidating subscription offers, even when they try to exit the app.
- A list of apps found to be either overcharging customers or violating new anti-fleeceware policies.
Based on the tricks seen deployed by the developers, Sophos offers the following top tips to help users spot and avoid money-snatching fleeceware apps:
- Check apps for greyed-out/tiny fine print that could include important information on subscription prices
- Be wary of ‘free trials’; these tend to last only a few days before whacking customers with a hefty automatic subscription
- Avoid generic, unrecommended apps such as photo editors or wallpaper designers, as these seem to be the most common fronts for fleeceware
- Report apps you spot which seem to charge extortionate prices for simple services