Fleeceware apps installed by over 600m Play Store users
Signing up for an Android app's trial period could cost you
A new set of “fleeceware” apps have been discovered that appear to have been downloaded and installed by over 600m Android users according to security researchers at Sophos.
The cybersecurity firm first coined the term fleeceware last September after it discovered a new type of financial fraud taking place on the Google Play Store. The term itself refers to apps that abuse the ability to offer trial periods to users before their accounts are charged.
When a user signs up for an Android app trial period, they have to manually cancel the trial to avoid being charged. Most users just uninstall apps they don't like and the majority of app developers take this as a sign that they wish to cancel the trial period without being charged.
- Google wants to rid the Play Store of bad apps
- Shady Android apps charge users hundreds of dollars for failing to cancel free trials
- Google boosts bug bounties for Play Store apps
However, last year Sophos discovered that some app developers didn't cancel an Android app's trial period after it was uninstalled and instead kept charging them despite the fact that they were no longer using the app.
Fleeceware apps
According to Sophos, the firm said that it initially discovered 24 Android apps that were charging high fees, between $100 and $240 per year, for simple apps such as QR readers and calculators after their trial periods ended.
In a recent report though, Sophos revealed that it had discovered another set of Android fleeceware apps that were installed by over 600m Android users. The company's Jagadesh Chandraiah explained how these fleeceware apps were able to become so popular on the Play Store in a blog post, saying:
“Some of these apps are very unprofessional looking. Based on past experience, it may have been the case that these app developers could have used a paid service to bloat their install counts and forge a large number of four- and five-star reviews. You can identify some of these falsified user review clusters if you scrutinize the recent 5 star reviews; one-to-three word, five star reviews have a propensity to be “sockpuppet” reviews.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Fleeceware apps remain a problem that Google will have to deal with on the Play Store but to prevent falling victim to their scams, it is recommended that users think twice about signing up for a trial period, remember to cancel any trial periods they do sign up for and check their Play Store payment history for any suspicious charges.
- Also check out the best antivirus software
Via ZDNet
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.