Fleeceware Apps Discovered On The iOS App Store
More than 3.5 million iOS users have installed "fleeceware" apps on their devices, UK security firm Sophos warned in a report published earlier this week.
The term fleeceware is a new addition to the cyber-security jargon and describes apps engaging in a new form of online fraud.
Coined last year by Sophos researchers, the term refers to mobile apps that abuse legal loopholes in the app trial mechanism on Android -- and now iOS.
How fleeceware works
Both the Google and Apple app stores allow app makers to create trial periods for commercial/paid/subscription apps.
Users can install these apps and sign up for a trial by giving the app permission to incur a charge on the user's Play Store or App Store account. Once the trial period ends, the user is charged automatically on their card and allowed to use the app.
Fleeceware apps take advantage of the fact that app makers can still charge users even after users uninstall the app from their devices.
App store policies allow app makers to create their own trial cancellation steps, and some app makers won't interpret uninstalling the app as a trial cancellation but instead force users to go through complicated procedures.
But while some app makers have abused this loophole to charge users a few dollars for their apps, some unscrupulous app makers have been fleecing users for hundreds of dollars -- hence the term "fleeceware."
For example, last year, Sophos discovered more than 50 Android apps [1, 2], installed by more than 600 million users, that were abusing trial periods to charge exorbitant amounts of money for basic features that are usually available for
Most of these were flashlight apps, horoscope apps, and barcode scanners that were charging obscene fees ranging from $100 to $240 per year for the most basic of features.
Fleeceware discovered on the App Store
Now, in a report published yesterday, Sophos says it found similar apps on the Apple App Store, engaging in very similar behavior.
"Like we have seen before, most of these fleeceware apps are image editors, horoscope/fortune-telling/palm readers, QR code/barcode scanners, and face filter apps for adding silly tweaks to selfies," said Sophos mobile malware analyst Jagadeesh Chandraiah, who's been looking into fleeceware apps since last year.
The researcher says he identified 32 iOS apps (see table at the end of this article) that charge up to $30/month or $9/week for simple features that are usually available for free. Some of these fees seem small, but they can add up to between $360 and $468 per year, Chandraiah warned.
Chandraiah says that by analyzing app reviews, it was clear that the apps relied heavily on online ads to drive traffic and installs, but then failed to provide any meaningful features, and later charged users when they didn't follow the proper trial cancellation procedures.
The Sophos researcher says that many of the apps he identified as engaging in fleeceware-like behavior are some of the highest-grossing apps on the Apple App Store.
"It's debatable that the apps provide 'ongoing value to the customer,' as required in Apple's App Store Review Guidelines for app subscriptions, section 3.1.2(a)," Chandraiah said, suggesting that these apps should not have been allowed on the App Store in the first place.
However, the apps are still available for download at the time of writing. The Sophos researcher suggests that Apple may be allowing the apps to continue on its store because the company makes a commission from all app purchases.
Chandraiah recommends that device owners review their Google and Apple app subscription sections regularly to make sure they haven't been tricked into an unwanted subscription. See instructions below.
On Android:
- On your Android phone or tablet, open the Play Store.
- Check that you're signed in to the correct Google Account.
- Tap the hamburger menu icon, then tap Subscriptions.
- Select the subscription you want to cancel.
- Tap Cancel subscription.
- Follow the instructions.
On iOS:
- Open the Settings app.
- Tap your name, then tap Subscriptions.
- Tap the subscription that you want to manage.
- Choose a different subscription option, or tap Cancel Subscription. If you don't see Cancel Subscription, the subscription is already canceled and won't renew.