
Millions of users installed iOS fleeceware from official App Store

Security analysts report a growing number of fleeceware apps that are promoted on Apple’s App Store as free but eventually overcharge users for junk services.

Fleeceware is a term coined by researchers for applications that follow questionable marketing practices and exhibit the following characteristics: they provide paid features that are available at zero or lower cost in other apps, and they may also pretend to be completely free but end up charging people after a short trial period expires. The unnerving trend is that this fraud-tinged phenomenon has made its way into the official Android and, more recently, iOS app marketplaces. In early April 2020, experts at cybersecurity firm Sophos published their latest findings on this issue, based on their review of Apple’s App Store. They found 32 iOS apps that fall into the fleeceware category. These products have collected more than 3.5 million installs and have potentially raked in significant profits for their unscrupulous authors.

iOS fleeceware is increasingly common

A good deal of these applications are among the most popular ones in the iOS ecosystem at this point. They are being pushed through multi-pronged marketing that involves in-app ads, social media services, and YouTube videos. Users also get a false sense of confidence and security from the fleeceware apps' many five-star reviews, which the researchers believe are concocted comments posted by the makers themselves to boost rankings in the App Store. Most of these dubious pieces of software are QR and barcode readers, fortune-telling apps, image editors, and photo beautifiers for selfies. Evidently, the developers are staying on top of trends and concentrating on the kinds of products that are most in demand.

Several apps that came onto the researchers’ radar are outright deceptive about their subscription terms. They are labeled “free”, with the fine print saying “Offers In-App Purchases”. Most of them feature a free trial of three or seven days and require the user's credit card details from the get-go. If the user forgets to cancel the subscription afterwards, they find that funds have been withdrawn from their account. The subscription fee amounts to about $30 per month on average, which means the annual cost can reach hundreds of dollars. Sophos estimates that the developers have already made roughly $4.5 million in the United States alone.

Pair these costs with the fact that the exact same functionality is readily available in many other products on the App Store with no strings attached or at a lower rate, and the scam nature of fleeceware becomes even more apparent. To avoid being charged without proper notice, iOS users should know how to cancel unwanted subscriptions. Here’s a brief walkthrough:

  • Go to Settings on the device;
  • Tap your username and proceed to Subscriptions;
  • Select the subscription you would like to cancel;
  • Tap the Cancel Subscription button.

To stay away from fleeceware-related scams in the future, iOS users need to do their homework before installing an app and look for alternative options that could be entirely free or cheaper to use.

