Sophos issues 'fleeceware' warning
A new report finds Android apps designed to drain user’s wallets have been downloaded more than 600 million times.
Cyber security firm SophosLab says so-called “fleeceware” apps tend to charge users excessive amounts of money for apps with a short trial period.
“App developers take advantage of a business model available within the Play Market ecosystem in which users can download and use the apps at no charge for a short trial period,” the company says.
“When the trial expires, if the user who downloads and installs one of these apps hasn't both uninstalled the application and informed the developer that they do not wish to continue to use the app, the app developer charges the user.”
Sophoslab says Google has been fairly quick to remove fleeceware apps once they were reported in the past, but the company is concerned that more apps will continue to be added.
“Fleeceware remains a big problem on Google Play,” SophosLab said.
“A few of the apps on the store appear to have been installed on 100 million plus devices, which would rival some of the top, legitimate app publishers on Google Play.”
SophosLab pointed to one example - Daily Horoscope Service, which has been downloaded 500,000 times, and charges users a weekly subscription fee of AU$101 per week after a three-day trial is over.
“This business model can cause significant harm to users, and there's little recourse,” the company explained.
“The Google Play Store policies are significantly less consumer-friendly than US credit card policies.
“Those who have managed to get refunds have been able to obtain them only with great difficulty.”
SophosLab says users should “rigorously avoid” apps that offer subscription-based charges after a short trial.
“If you do happen to have a free trial, make sure you understand that merely uninstalling the app does not cancel the trial period,” the company said.
“Some publishers require you to send a specific email or follow other complicated instructions to end the free trial.
“Keep copies of all correspondence with the publisher and be prepared to share that with Google if you end up disputing the charges.”