Fleeceware apps detected on Google Play, stealing money, neutralized

A repository of Android apps have been discovered on Google’s Play Market whose sole purpose reportedly appears to be to severely overcharge users for mobile apps that provide very simple functionality available on low-cost or free apps. This finding coincides with the National Cybersecurity Month observed during October every year. It has given rise to a new form of cyber threat called fleeceware.

Fleeceware threats  

The new fleeceware has been discovered by Sophos Labs. Researchers state that the app developers take advantage of a business model available within the Play Market ecosystem in which users can download and use these apps at no charge for a short trial period. After the expiry of the trial period, if users download and install any of these apps, such apps charges the user. For normal apps, this costs only a fraction cost; but the publishers or developers of fraudulent apps routinely charge users premium amount (Rupees, Dollars, Euros, depending on the geographic region in which the user resides). 

As far as these apps are concerned, Sophos researchers state that these do not appear to be malicious or contain malicious code; some of these apps may even have useful (if redundant) functionality. However, it’s hard to imagine that anyone who is charged hundreds of dollars for a simple barcode reader or photo filter would consider such an expense “potentially unwanted” – nobody desires this, obviously. Because these apps exist in a categorical grey area that is not overtly malware and thereby is not a potentially unwanted app (PUA), researchers state that they hence coined the term fleeceware, because their defining characteristic is that they hugely overcharge users for functionality that’s widely available in free or low-cost apps. Sophos is even said to have shared, a list of fifteen apps exhibiting the above behaviour, to Google. The internet giant also reportedly removed some of these apps, from the Play Store Researchers state that 14 of the 15 apps intimated to Google are now removed. Because the apps themselves are not found to be engaging in any kind of traditionally malicious activity, they have been found to defy the rules that would otherwise make it easy for Google to justify removing them from the Play Market. Their developers also seem to be very good at staying under the radar from security vendors. Even so, there are other characteristics of these apps that make them less-than-desirable, inform Sophos researchers. 

 Nature of these apps is simple. In most cases, there are free alternatives from well-known vendors already available on the Play Market. “The makers of an app called Professional GIF Maker charges users €214.99 when the trial ends. We haven’t seen apps sold at this price before. It’s a business model that walks a fine ethical line, but it is apparently successful,” state researchers at Sophos. “Some percentage of users will fail to cancel the trial, even if they intend to do so, and the app makers earn their keep on the backs of users who forget to unsubscribe, or ask for a refund within the short window in which they can do so.” "From the user reviews on the Play Market store, it’s clear that many users who installed these apps and were subsequently charged extortionate fees are understandably furious. Users indicated that they were charged different amounts based on their geographic region. Some people are asking Google to take these apps down, and some want get a refund." add researchers. (Main image credit: Pixabay). 

Also Read: Only 8% IT Managers In India Seemingly Have Skilled Resources To Investigate And Respond To Cybersecurity Threats - Survey