Fleeceware apps persist on the Play Store

Credit to Author: Jagadeesh Chandraiah| Date: Tue, 14 Jan 2020 13:30:10 +0000

In our initial coverage of the fleeceware phenomenon, published in September, SophosLabs reported on how some app publishers using the Google Play Store had devised a business model where users could be charged excessive amounts of money for apps if they don’t cancel a “subscription” before the short free trial window closes.

While the company did take down all the apps we had previously reported to them, fleeceware remains a big problem on Google Play. Since our September post, we’ve seen many more Fleeceware apps (such as the ones listed in the table at the end of this story) appear on the official Android app store.

The total number of installations of these apps, as reported on Google’s own Play pages, is high: nearly 600 million in total, across fewer than 25 apps; A few of the apps on the store appear to have been installed on 100 million+ devices, which would rival some of the top, legitimate app publishers on Google Play.

We have good reason to believe that the install count may have, in some cases, been manipulated. But some of the apps, including a popular keyboard app that allegedly transmits the full text of whatever its users type back to China, may legitimately have that many downloads.

As we saw last fall, there were a wide variety of entertainment or utility apps, including fortune tellers, instant messengers, video editors, and beauty apps. And just like last time, user reviews reveal serious complaints about overcharging, and that many of these apps are substandard, and don’t work as expected.

Monetary damage to users

One reason Sophos wants to create awareness, and highlight this Fleeceware business model, is that this business model can cause significant harm to users, and there’s little recourse. The Google Play Store policies are significantly less consumer-friendly than US credit card policies; Those who managed to get refunds have been able to obtain them only with great difficulty.

Some of the unhappy consumers who wrote negative reviews claim they even followed the subscription model’s rules to unsubscribe, and were charged anyway.

The Fleeceware business model adopts new payment schedules

In our earlier reporting, we noted that fleeceware apps often charge a very large amount, which the publishers characterized as an annual subscription to their software. For example if you were charged more than $200 for an app, you might be able to justify it as being “only” $16.67 per month, but that doesn’t take into account the fact that the app merely does, for example, a reverse-image search — something Google offers as a free service, anyway.

A typical fleeceware subscription prompt. This app displays daily horoscopes for only $69.99 a week, which adds up to an annual price of $3,639.48‬

So in the intervening months, some publishers have decided to offer weekly and monthly “subscription” payment options, instead of (or in addition to) annual charges. Sure, it might make the amount look smaller, so users might be less likely to experience sticker shock, but it actually exacerbates the overcharging: In one case, we found an app displaying subscription fees of €8.99 per week, or €23.99 per month, which works out annually to €467.48 (if you pay the weekly amount for 52 weeks) or €287.88 (if you pay the monthly amount for 12 months).

Confusing things even further, some of the apps (such as the screen recorder app shown above and below this paragraph) prompt users to pay for a monthly subscription rate on one screen, and a much different, weekly rate on another screen.

Fleeceware apps available in the north American and European markets

It’s impossible for consumers to make an informed choice under these kinds of circumstances, even if they really wanted to pay more than the cost of any but the most expensive new phones each year for the privilege.

High install counts and suspiciously positive reviews

If you look at the “install count” on our list of fleeceware apps (below), you’ll see that most of them have a high install count. Some of the apps’ Play Store page claims they have 1 million, 5 million, 10 million, or even 100 million installs. Many legitimate apps strive hard to reach those kinds of numbers.

Some of these apps are very unprofessional looking. Based on past experience, it may have been the case that these app developers could have used a paid service to bloat their install counts and forge a large number of four- and five-star reviews. You can identify some of these falsified user review clusters if you scrutinize the recent 5 star reviews; one-to-three word, five star reviews have a propensity to be “sockpuppet” reviews.

The reason why some publishers do this is simple: to boost their Play Store search rankings, thereby attracting more potential “customers.” As described by Google, how search results return specific apps depends on “the overall experience of [the] app based on user behavior and feedback. Apps are ranked based on a combination of ratings, reviews, downloads, and other factors.”

High install counts and high numbers of good reviews make them appear high in the list when users search for these apps using generic terms.

Some user “reviews” are less reliable than others

What can users do about it?

If you have an Android device and use the Google Play Store for apps, you should rigorously avoid installing these types of “free trial” apps which offer subscription-based charges after a short trial.

Nobody likes to read the fine print, but if you do happen to install an app that asks you to sign up for a free trial, it pays to read everything on the trial prompt to make sure you won’t be charged lots of money for an app.

It pays to treat apps like these with suspicion. Read reviews before you install the app; Keep in mind that app publishers might also be manipulating reviews by filling them with five-star ratings that don’t tell you much.

If you do happen to have a free trial, make sure you understand that merely uninstalling the app does not cancel the trial period. Some publishers require you to send a specific email or follow other complicated instructions to end the free trial before you are charged, though you might just need to log into your Google Pay to cancel. Keep copies of all correspondance with the publisher, and be prepared to share that with Google if you end up disputing the charges.

Finally, even if one of these apps looks great, it pays to search for similar apps from developers or publishers with a good reputation. In most cases, free alternatives abound.

 

http://feeds.feedburner.com/sophos/dgdY

Leave a Reply