Four months after fleeceware’s initial exposure, Android users who purchase “subscriptions” to apps from the Google Play Store are still at risk of being ripped off.
Fleeceware hit the news in September 2019, when researchers at SophosLabs showed how some app publishers were using a sneaky business model to drastically overcharge Android users for basic services.
On the Google Play Store, researchers found multiple instances of app publishers operating a system where users could be charged excessive amounts of money for apps if they didn’t cancel a “subscription” before the short free trial window closed.
New research published today by SophosLabs reveals that fleeceware has not been shorn from the store.
“While the company did take down all the apps we had previously reported to them, fleeceware remains a big problem on Google Play,” wrote researchers.
“Since our September post, we’ve seen many more Fleeceware apps appear on the official Android app store.”
New fleeceware flagged by SophosLabs includes entertainment or utility apps, fortune-telling apps, instant messengers, video editors, and beauty apps.
Some apps, offering basic services such as a reverse-image search, which Google does for free, charge over $200 for an annual subscription.
Researchers said that the total number of installations of these apps totals nearly 600 million across fewer than 25 apps. Some of the individual apps on the store appear to have been installed on more than 100 million devices.
One popular keyboard app investigated by researchers allegedly transmits the full text of whatever its users type back to China.
Clues to the fleeceware apps’ financial chicanery can be found in customers’ reviews.
“User reviews reveal serious complaints about overcharging, and that many of these apps are substandard, and don’t work as expected,” wrote researchers.
Some users claim to have been charged an annual subscription fee despite unsubscribing by a certain date as per the app’s instructions.
Researchers noted apps offering weekly and monthly subscription payment options in an attempt to make their product seem more budget friendly.
“In one case, we found an app displaying subscription fees of €8.99 per week, or €23.99 per month, which works out annually to €467.48 (if you pay the weekly amount for 52 weeks) or €287.88 (if you pay the monthly amount for 12 months),” wrote researchers.
#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity