
Security Firm Says Over 3 Million iOS Users Installed Expensive “Fleeceware” Trial Apps


With smartphones now the primary means of digital interaction for most people, unscrupulous developers are finding more ingenious ways to scam people out of money. Take “fleeceware,” for example: a technique for signing up users for exorbitant recurring subscriptions on near-useless apps. A security firm says these apps have been installed 3.5 million times on iPhones and iPads.

Fleeceware is a term coined by Sophos, a security researcher based in the United Kingdom and issuer of this and similar reports. The setup goes something like this: you download an innocuous app, like a flashlight or a horoscope, and go through a lengthy setup process designed to obfuscate the app’s nature. Somewhere in there you start a free “trial” of the app’s features, without being told that the actual subscription recurs weekly or monthly. These subscriptions are charged to your account via the App Store, even after you’ve uninstalled the app.

Users who aren’t aware of the recurring charge, and aren’t aware that it’s still there after the app is gone, can pay huge amounts of money without realizing it. The subscription apps in the Sophos report charged between $3 and $10 a week, sometimes hundreds of dollars a year. Apps as frivolous as “Banuba: Face Filters and Effects” or “Astro Time & Daily Horoscope” are racking up tens of thousands of dollars in revenue, and according to Sophos, it’s almost entirely taken from users who aren’t aware that they’ve signed up for a recurring charge.

iOS users aren’t alone in this. Similar subscription options on the Google Play Store have allowed fleeceware on Android too, though Google has removed some of the most flagrant abusers. Across both major mobile platforms, Sophos estimates that millions of dollars are being “fleeced” from unaware users through loopholes in trial and subscription tools. Parents whose children have installed the apps, and who are irate at the recurring charges, are airing their grievances in the app review sections.

Part of the problem is that, at least according to the letter of the law in most countries and the developer and user policies of app stores, there’s no technical crime being committed. There’s nothing illegal about charging $100 a year for a flashlight app—you’d just have to be an unprincipled jackass to try to do it. That could make it hard for Google and Apple to consistently police their stores for this behavior. Fleeceware developers are using the same system that’s in place for legitimate apps and services, like Dropbox or Pandora, to easily get subscription customers through phone payments.

Here’s the list of iOS apps published by Sophos. Subscription prices range from $3 to $10 a week, and $15 to $200 a year. At the time of the report, “mSpy Lite” ($50 every three months) was the third-highest grossing app on the App Store.
  • Seer App:Face, Horoscope, Palm
  • Selfie Art – Photo Editor
  • Palmistry Decoder
  • Lucky Life – Future Seer
  • Life Palmistry – AI Palm & Tag
  • Picsjoy-Cartoon Effect Editor
  • Aging seer – Faceapp,Horoscope
  • Face Aging Scan-AI Age Camera
  • Face Reader – Horoscope Secret
  • Horoscope Secret
  • CIAO – Live Video Chat
  • Astro Time & Daily Horoscope
  • Video Recorder / Reaction
  • Crazy Helium Funny Face Editor
  • Banuba: Face Filters & Effects
  • QR Code Reader – Scanner
  • QR Code Reader & Barcode PRO
  • Max Volume Booster
  • Face Reading – Horoscope 2020
  • Forecast Master 2019
  • mSpy Lite Phone Family Tracker
  • Fortunescope: Palm Reader 2019
  • Zodiac Master Plus – Palm Scan
  • WonderKey-Cartoon Avatar Maker
  • Avatar Creator – Cartoon Emoji
  • iMoji – Cartoon Avatar Emojis
  • Life Insight-Palm & Animal Face
  • Curiosity Lab-Fun Encyclopedia
  • Quick Art: 1-Tap Photo Editor
  • Astroline astrology, horoscope
  • Celeb Twin – Who you look like
  • My Replica – Celebrity Like Me

If you’re concerned that you’ve installed fleeceware, you can check for recurring subscriptions in your app store settings. On iOS it’s under the “Subscriptions” section of the main Settings app, and on Android it’s in the left-side menu in the Play Store app.

Source: Sophos via ZDnet

Michael Crider