25 Android Apps With Millions of Installs Are Fleecing Users: Sophos

Security firm Sophos has discovered a set of 25 Android apps that use ‘fleeceware’ tactics to dupe users. Fleeceware apps are apps that commit financial fraud on the Google Play Store by unethically charging users after a trial period is over. Sophos’ list includes apps like Go Keyboard Lite, Astrofun, Easysnap, Face X Play, Filmigo, and more. The UK-based cyber-security firm says that these apps engage in fleeceware behaviour, meaning they do not treat uninstalling the app as the end of the trial period.

These apps have managed to attract nearly 600 million installs in total. However, Sophos mobile malware analyst Jagadeesh Chadraiah says that these numbers may have been achieved by paying third parties to boost install counts and buy fake 5-star reviews. Fleeceware is a term coined for apps that charge users unethically. Some apps offer a trial period for their subscriptions, at the end of which they start charging users. To avoid being charged automatically, the user has to cancel the trial manually. If they do not cancel it and the trial period runs out, the app automatically levies a charge. However, if the user uninstalls the app before the trial period ends, this is widely taken to end the trial, and no charge is levied.

Fleeceware apps, by contrast, charge users without consent even if the app has been uninstalled; uninstalling the app is not treated as cancelling the trial subscription. The 25 apps Sophos spotted recently charge users excessive amounts of money if they do not cancel a ‘subscription’ before the short free trial window closes. Sophos first reported 24 such apps in September, and 25 more have been discovered since then.

The latest report notes, “A few of the apps on the store appear to have been installed on more than 100 million devices, which would rival some of the top, legitimate app publishers on Google Play.” Earlier, the developers charged a large annual fee; once this was discovered, the payment model in some apps shifted to weekly and monthly payments. While these may look small to a user up front, the annual total ends up far higher than the earlier annual charge.

To prevent such unexpected charges, users should avoid installing ‘free trial’ apps that switch to subscription-based charges after a short trial. If you do decide to install such an app and start the trial, read all the fine print. A very important practice before installing any app is to read its reviews, which often give a fair idea of any malpractice being conducted. If you are on a free trial, understand that just uninstalling the app may not cancel the trial period: cancel the trial manually within the app first, and only then uninstall it.

The report details, “Some publishers require you to send a specific email or follow other complicated instructions to end the free trial before you are charged, though you might just need to log into your Google Pay to cancel. Keep copies of all correspondence with the publisher, and be prepared to share that with Google if you end up disputing the charges.” You can see the full list of the 25 fleeceware apps below.

[Image: Sophos fleeceware round 2 list of apps; credit Sophos]
