Over $500 million scammed using "fleeceware apps" in App Store & Google Play

Over $US400 million ($AUD525.6 million) has been made by scammers through “fleeceware applications”, an increasingly popular avenue for cyber thieves to take recurring payments from often unsuspecting users.

Alarming new research conducted by multinational cybersecurity software company Avast found that 204 applications, with almost a billion downloads combined, were made available on the Apple App Store and Google Play Store with one common purpose: draw in users with a claim of being able to “test” the app with a free trial and then overcharge subscription fees.

Those behind these types of applications rely on users who are not fully aware of how to control subscriptions on their mobile devices. A three-day free trial, for example, can follow with a costly fee that continues to autocharge accounts – and that continues even when apps are deleted from devices. Some subscriptions run up costs as high as $US3.4 thousand a year.

App topics to watch out for

Among the type of apps found to be attracting these offending developers:

Musical instrument apps
Palm readers
Image editors
Camera filters
Fortune tellers
QR Code readers
PDF readers
Slime simulators

The report suggests that while these apps are generally doing what the user expects them to, they are ultimately relying on significant overcharges that far surpass the cost a user would expect to pay. The costs of these apps also end up being much higher than competitor applications.

Younger users are among the most targeted, with parents feeling the brunt of exuberant fees after prolonged recurring payments.

It’s not, technically, malware

Since these apps rely on user awareness and know-how, they are not considered to be malware. After all, there’s fine print everyone should read, users should know how to turn off subscriptions to all their app downloads, and everyone should be keeping a close eye on every cent that is taken from their bank account. Right?

Troublingly, these applications are also allowed to advertise on social media platforms such as TikTok, Snapchat, Facebook and Instagram, where often young audiences are the target of click-baity marketing and “free to download” promises.

ALSO READ – Australia probing default search engines & browsers on devices; Google & Apple in the spotlight

And then there are those reviews found on the app profiles. 4 stars, 5 stars, “Wow. Great of so perfect app to buy now!” … Looks legit.

“Upon closer investigation, it becomes apparent that a big portion of the reviews are fake (they contain repeating text or are poorly-worded and generic in nature),” reads the Avast report.

“There is reason to believe this form of review boosting is becoming a more prominent practice.”

How to avoid the fleeceware scams

Avast has the following advice:

“Be careful with free trials of less than a week.

Make sure you understand how much you will be charged and ensure that the app is worth the recurring fee.

Read the fine print.

Carefully read the application’s profile on the app store, paying special attention to the “in-app purchases” section. Familiarize yourself with the conditions of what you’re subscribing to, even if it’s a free trial.

Be skeptical of viral advertisements.

Fleeceware adverts are likely to have the look and feel of a viral, edited video that doesn’t represent the actual application.

Shop around.

If the charges for an application seem excessive or not representative of its offering, search for other applications that offer similar functionality. In many cases, fleeceware apps mimic similar applications that may be cheaper (or even free).

Secure your payments.

Ensure that your payment methods are locked behind a password or biometric check. This can prevent accidental subscriptions by children as well.

Discuss the dangers of fleeceware with your family.

Educating your children on how to avoid potential scams and dodgy applications can go a long way toward preventing unwanted charges.”