26 March 21, 07:28
Quote:Continue Reading
Fleeceware scams promise free subscription trials but deliver costly charges to victims
Researchers at Avast have discovered a total of 204 fleeceware applications with over a billion downloads and over $400 million in revenue on the Apple App Store and Google Play Store. The purpose of these applications is to draw users into a free trial to “test” the app, after which they overcharge them through subscriptions which sometimes run as high as $3,432 per year. These applications generally have no unique functionality and are merely conduits for fleeceware scams. Avast has reported the fleeceware applications to both Apple and Google for review.
The fleeceware applications discovered consist predominantly of musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and ‘slime simulators’. While the applications generally fulfil their intended purpose, it is unlikely that a user would knowingly want to pay such a significant recurring fee for these applications, especially when there are cheaper or even free alternatives on the market.
It appears that part of the fleeceware strategy is to target younger audiences through playful themes and catchy advertisements on popular social networks with promises of ‘free installation’ or ‘free to download’. By the time parents notice the weekly payments, the fleeceware may have already extracted significant amounts of money.
The data is startling: with nearly a billion downloads and hundreds of millions of dollars in revenue, this model is attracting more developers and there is evidence to suggest several popular existing apps have updated to include the free trial subscription with high recurring fees. Unfortunately, this endeavour can be lucrative even if a small percentage of users fall victim to fleeceware.
How does fleeceware work?
Fleeceware is a recently coined term that refers to a mobile application that comes with excessive subscription fees. Most applications include a short free trial to draw the user in. The application takes advantage of users who are not familiar with how subscriptions work on mobile devices, meaning that users can be charged even after they’ve deleted the offending application.
A majority of the applications that our team has discovered lure users in with a promise of a free three-day trial, attaching a subscription that commences at the end of the trial. Once the trial is over, the user is charged a recurring high subscription fee, generating substantial revenue for the developers.
Importantly, uninstalling the application doesn’t cancel the subscription — as a result, the user is likely to be charged further until they cancel the subscription within their device’s app market settings. There’s also the possibility that users forget to cancel the free trial, resulting in expensive fees. Either way, these scams make use of deceptive behavior that relies on the user not being informed about how subscriptions work and draws them into the scheme through a free trial.
There is a wide range of subscriptions being used by these fleeceware applications, ranging from weekly and monthly to annual fees. In some cases, users can be charged as much as $66 per week, totalling a ludicrous $3,432 per year. Most of the discovered applications range from $4 to $12 per week, which equates to $208 to $624 per year. It goes without saying that users are extremely unlikely to willingly pay this amount for these applications.An emerging trend is that several popular applications have converted to the subscription-based fleeceware model. Applications that were previously free or required a one-off fee to unlock all features now offer expensive weekly subscriptions. Judging by reviews, sometimes users who have previously paid for the full application are also forced into the fleeceware subscriptions without being given access to the already-purchased app. It is likely more developers will follow suit, as the revenue generated from fleeceware is evidently substantial.
Adverts and fake reviews are used to spread fleeceware
As these applications are not considered malware and are available on official app stores, they also have access to official advertisement channels to spread the fleeceware scheme. According to Sensor Tower’s Ad Intelligence, these applications are actively advertising on major social networks such as Facebook, Instagram, Snapchat and TikTok. Due to this scheme’s lucrative nature, the actors are likely investing substantial amounts of money to further propagate these apps via popular platforms.
...