Watch Out! Android Apps Could Clean-up Your Bank

These apps, downloaded and installed by over 600 million users from the Google Play Store, continue to charge users even after the app is uninstalled during or after the trial period.


Every year a new term appears out of nowhere to describe a trend in the world of technology, and this time round the coinage is Fleeceware, which, as the name suggests, fleeces users by charging for apps that they download and then never stops doing so, even if the user uninstalls the app during or after the trial period.

Security research firm Sophos had called out this malpractice in September last year, describing how some app publishers had a cool business model whereby users got charged excessive amounts for apps if they didn’t cancel a subscription before the free trial window closed. Now, the same team has found that more than 600 million Android users are affected by this.

In a statement made available on the company’s website, Sophos says that while Google did take down all the apps previously reported, a new set has appeared on the Play Store. The total number of such installations is close to 600 million, while the total app count is only about 25, suggesting that the core of the problem is small.

The company goes on to state its belief that the install counts could have been manipulated in order to ensure better rankings and an improved chance of getting downloaded and installed. The categories of apps that have been acting as fleeceware include fortune tellers, instant messengers, video editors and beauty apps, the report says.

The statement from Sophos says that “Fleeceware apps often charge a very large amount, which publishers characterized as an annual subscription to their software. For example, if you were charged more than $200 for an app, you might be able to justify it as being ‘only $16.67 a month’, but that doesn’t consider the fact that the app merely does, for example, a reverse image search – something Google offers as a free service anyway.”

The researchers argue that this modus operandi is in direct contravention of the default practice, under which users who sign up for an app trial period do not need to cancel it manually to avoid being charged. Most app developers interpret uninstalling the app as a cancellation and refrain from charging the user.

Last year, Sophos discovered 24 Android apps that were charging obscene fees (between $100 and $240 per year) for the most basic and simplistic apps, such as QR/barcode readers and calculators. Now there is a new list, which malware analyst Jagadeesh Chandraiah feels may have used third-party pay-per-install services to boost its install counts.

How Should Customers Respond?

Chandraiah says in his blog that there are a few steps that users could take to ensure their own safety:

  • If you have an Android device and use the Google Play Store for apps, you should rigorously avoid installing these types of “free trial” apps which offer subscription-based charges after a short trial.
  • Nobody likes to read the fine print, but if you do happen to install an app that asks you to sign up for a free trial, it pays to read everything on the trial prompt to make sure you won’t be charged lots of money for an app.
  • It pays to treat apps like these with suspicion. Read reviews before you install the app; keep in mind that app publishers might also be manipulating reviews by filling them with five-star ratings that don’t tell you much.
  • If you do happen to have a free trial, make sure you understand that merely uninstalling the app does not cancel the trial period. Some publishers require you to send a specific email or follow other complicated instructions to end the free trial before you are charged, though you might just need to log into your Google Pay to cancel. Keep copies of all correspondence with the publisher, and be prepared to share that with Google if you end up disputing the charges.
  • Finally, even if one of these apps looks great, it pays to search for similar apps from developers or publishers with a good reputation. In most cases, free alternatives abound.
