Another warning for Android users as to the perils lurking on the Play Store this week, with a new report from the research team at Sophos into the menace of so-called fleeceware. These are devious little apps that fool users into downloading them with the promise of some usually trivial functionality, and then initiate a paid subscription after a sneakily short trial period. To give you an example of how damaging these can be to your bank balance, Sophos told me that the worst culprit simply displayed a daily horoscope—“the subscription to that app costs €55 or $70 per week.”
The biggest risk here is that deleting the app doesn’t end the subscription—you need to manually cancel that separately. I first reported on this fleeceware menace in September. Back then, the scam tended to lure users into an annual subscription when the trial period ended. All of those apps have been removed from the Play Store, and this new lot have evolved their tactics, requesting weekly or monthly subscriptions. “Even though the annual cost remains high,” Sophos told me, “shorter subscriptions cost a lot more if someone subscribes for a year at the monthly or weekly rate.”
The twist here is that there is nothing overtly malicious in the apps that Sophos has found; it’s a straight con, a trick, no different from a phone sales scam. In a moment of boredom you install a fortune teller or a screen recorder app, you read the trial period disclaimer and tell yourself you’ll remember to delete the app before you’re charged. And then, understandably, you forget, or you delete the app and leave the subscription in place. Obviously, not all installs end up in a scam subscription, and there’s a likelihood that the operators have inflated their install numbers with some form of paid push campaign. But there will be a very significant number of victims out there.
The fact is, these kinds of apps are never good news and should not be downloaded in the first place. Sophos warns that “this business model can cause significant harm to users, and there’s little recourse—the Google Play Store policies are significantly less consumer-friendly than US credit card policies. Those who managed to get refunds have been able to obtain them only with great difficulty.”
The apps often present an additional challenge in finding and deleting them, changing their names in the Android interface to slip your memory. “The name change is definitely an added challenge,” Sophos explained. Another sneaky trick these apps have in common is promoting five-star reviews to generate the feel of popularity and quality. These “unreasonably high ratings” are crafted by frequent prompts within the apps for a full-marks rating. It’s a trickster machine.
“The total number of installations of these apps,” Sophos says, “as reported on Google’s own Play pages, is high: nearly 600 million in total, across fewer than 25 apps; a few of the apps on the store appear to have been installed on 100 million+ devices, which would rival some of the top, legitimate app publishers on Google Play.”
As I’ve written many times now, free apps are free for a reason. With malware, there are usually no outward signs on installation that you’re in for a nasty surprise. With these apps, though, you can see that you’re being pushed towards a VIP experience or in-app purchases. Unless it’s a genuine app and you’re sure you’re likely to want to pay for it, you should not accept subscriptions. Once the apps have you, there’s a good chance you’ll end up paying. And until you notice the money leaving your card or account, you’ll be unlikely to find them and cancel them.
“While [Google] did take down all the apps we had previously reported to them,” Sophos said in its report, “fleeceware remains a big problem on Google Play. Since our September post, we’ve seen many more Fleeceware apps appear on the official Android app store.” The updated list of apps released by Sophos is here—if you have any of them, delete them right away and check your subscriptions or payment history and cancel anything you don’t recognise or that appears on this list. There are many more fleeceware apps than just these, so also check your payments for anything unusual.