Search This Blog

Showing posts with label Fleeceware. Show all posts

Fleeceware apps earned over $400 million on Android and iOS

 

Researchers at Avast have found an aggregate of 204 fleece ware applications with over a billion downloads and more than $400 million in revenue on the Apple App Store and Google Play Store. The purpose of these applications is to bring clients into a free trial to "test" the application, after which they overcharge them through subscriptions which sometimes run as high as $3,432 each year. These applications have no unique functionality and are only conduits for fleece ware scams. Avast has reported the fleece ware applications to both Apple and Google for audit.

Fleece ware is a recently coined term that alludes to a mobile application that accompanies extreme subscription fees. Most applications incorporate a short free trial to attract the client. The application exploits clients who are inexperienced with how subscriptions work on cell phones, implying that clients can be charged even after they've erased the offending application.

The fleece ware applications found comprise predominantly of musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and ‘slime simulators’. While the applications for the most part satisfy their expected purpose, it is far-fetched that a client would purposely want to pay such a significant recurring fee for these applications, particularly when there are less expensive or even free options available. 

It creates the impression that part of the fleece ware strategy is to target more youthful crowds through playful themes and catchy ads on famous social networks with guarantees of ‘free installation’ or ‘free to download’. The information is alarming: with almost a billion downloads and hundreds of millions of dollars in revenue, this model is drawing in more developers and there is proof to recommend a few famous existing applications have updated to incorporate the free trial subscription with high recurring fees.

Regardless of whether a client erases the application after they notice outgoing payments, this doesn't mean their subscription stops - which permits the developer to cash in further. Google and Apple are not answerable for refunds after a specific time-frame, and keeping in mind that the organizations may decide to refund as a goodwill gesture in some cases however they are not obliged to do so. Along these lines, the lone choices might be to attempt to contact developers directly or to demand a bank chargeback.

Fleeceware Apps Prey on Android Users

 

A fleeceware application isn't customary Android malware as it doesn't contain pernicious code. Rather, the danger comes from unnecessary subscription charges that it may not clearly specify to mobile clients. Fleeceware tricks a victim into downloading an application that intrigues them. At that point, the developer relies on the client overlooking the program as well as neglecting to see the actual subscription charge. These developers target more youthful clients who probably won't focus on the subscription details. The developer fleeces the victim by fooling them into paying cash for something they probably won't need. Chances are, they won't realize they have or they may have gotten somewhere else complimentary or free of charge.

In January 2020, SophosLabs uncovered that it had distinguished more than 20 fleeceware applications hiding out in the Android market place. These applications acquired an aggregate all out of more than 600 million installations. One of those applications charged clients $3,639.48‬ yearly, or $69.99 every week, for showing day by day horoscopes. A couple of months after the fact, Google updated its policies to guarantee that clients comprehended the full price of an application subscription when free trials and introductory offers end and how to deal with their application subscriptions. That didn't prevent a few people from endeavoring to get around Google's policies. In August 2020, Google eliminated some fleeceware applications for neglecting to incorporate a dismiss button and for showing subscription data in small, light font styles. 

Avast reported seven fleeceware applications to Google Play in mid-November. A large portion of these applications professed to offer Minecraft-related skins, maps, and additionally mods for the well-known game. Others offered skins for different games or advertised themes and wallpapers for Android devices. Utilizing those disguises, the entirety of the applications figured out how to pull in excess of 100,000 individuals before Avast found them. Five of them flaunted more than 1,000,000 downloads. 

Associations can help safeguard their clients against fleeceware applications, for example, by utilizing Mobile Device Management (MDM) to restrict the functionality of applications introduced on corporately owned cell phones. They can likewise utilize ongoing security awareness training and incorporate a list of permitted mobile applications and market places that employees can use on their cell phones.

All you need to know about the new threat "Fleeceware" and how to protect yourself!


SophosLabs, a cybersecurity firm has discovered a range of apps on Google Play Store and Apple's iOS App Store whose sole purpose is to charge huge subscriptions and other fees to clients for the features and services they could avail for free.

These apps though tricks the user they however neither steal your data nor do they run any malicious code hence fundamentally they are not malwares. Sophos calls them fleecewear, malicious apps hiding in sheep's clothing. "Because these apps exist in a categorical grey area that isn’t overtly malware, and isn’t a potentially unwanted app (PUA), we’ve coined the term fleeceware, because their defining characteristic is that they overcharge users for functionality that’s widely available in free or low-cost apps." writes Sophos Labs.

They found 25 such Android apps on Google Play store in January and 30 apps on the iOS App Store that could be fleeceware.

 "In our capitalistic society, you can look at fleeceware apps and say if somebody wants to waste $500 per year on a flashlight app that’s up to them," says John Shier, Sophos senior security adviser. "But it’s just the exorbitant price that you’re being charged, and it's not done aboveboard. That, to me, is not ethical." 

You have to be careful while paying for in-app purchases and especially subscription. These apps will offer a trial period but will demand payment the first time you open the app. Or they could ask high payment for simple basic features like photo filter for 9$ per week or 30$ per month.

Fleeceware apps exploit the marketing model of play store and App Store, finding loopholes to charge their skyrocketing prices. But Google is tightening the leash. It announced last week that developers will be required to make details of subscriptions, free trials, and introductory offers more precise and clear by June 16.

 "Part of improving the subscription user experience comes from fostering a trustworthy platform for subscribers; making sure they feel fully informed when they purchase in-app subscriptions," Angela Ying, Google product manager wrote in a blog. 

 How to avoid fleeceware? 

Through some simple steps you can avoid falling into the traps set by this fleeceware:


  1.  Install apps developed by prominent developers. Big companies and their apps offer features like emojis, selfie filters, and QR code scanners for free. 
  2.  If you found something exclusive that the app is providing, it's better to compare prices by doing a quick search. 
  3.  If you think, you're subscriptions are getting a bit out of hand and want to check which apps you have subscribed to and the ones you'd like to cancel - Play Store and iOS App Store both offer the option where you can see all your subscriptions. 


"On iOS, open Settings, tap your name, and then Subscriptions to view and manage everything. Or you can open the App Store, insert your initials in the upper right corner, and tap Subscriptions. On Android, open the Play Store, tap the hamburger menu icon in the upper right, and choose Subscriptions to view and manage your signups."

Over 600 Million Users Download 25 'Fleeceware' Apps from the Play Store


Researchers at security firm Sophos has discovered a new set of Android apps present on the Google Play Store that contain fleeceware. Notably, these apps have been downloaded and installed by over 600 million unsuspecting Android users.

The term 'Fleeceware' was first coined in September 2019 by cybersecurity firm Sophos in aftermath of an investigation that led to a new kind of financial fraud on the authentic Google Play Store.

Fleeceware is a new addition to the cybersecurity ecosystem, referring to the exploitation of the trial period mechanism in Android apps which generally is provided before one is charged for the full version from his signed up account.

Normally, users who register for an Android app's trial period are required to cancel the same manually in order to avoid being charged. However, it's common among users to simply stop using the app by uninstalling it in case they don't like it. The action of uninstalling is read by the developers as trial period being canceled and hence it doesn't result in the due amount being charged from the user account.

The UK based, a cybersecurity company, Sophos told that it identified over two-dozen android apps containing fleeceware, these apps were charging somewhere around $100 and $240 per year for apps as basic and mainstream as barcode readers, calculators, and QR scanners.

Suspecting the unusually high number of downloads on these apps, analyst Jagadeesh Chandraiah says, it's likely that these apps have resorted to third-party pay-per-install services to raise up the download counts. He also suspects the five-star reviews being fake and bought in order to better the apps ranking on the Play store and hence lure a large number of users.

Warning the users in their report, Sophos told, "If you have an Android device and use the Google Play Store for apps, you should rigorously avoid installing these types of “free trial” apps that offer subscription-based charges after a short trial."

"If you do happen to have a free trial, make sure you understand that merely uninstalling the app does not cancel the trial period. Some publishers require you to send a specific email or follow other complicated instructions to end the free trial before you are charged, though you might just need to log into your Google Pay to cancel. Keep copies of all correspondence with the publisher, and be prepared to share that with Google if you end up disputing the charges." the report further read.