Sophos has found more than 30 fleeceware apps in Apple's official App Store. These apps raid your sheepy-bank, charging outrageous weekly or monthly subscriptions that users are not aware they have signed up for.
Sophos says these include apps like image editors, horoscope/fortune-telling/palm readers, QR code/barcode scanners, and face filter apps for adding silly tweaks to selfies.
“Fleeceware apps are not officially malicious, but they are unethical. They prey on consumer trust with devious techniques designed to make money. They encourage unsuspecting users to install them through aggressive online advertising and fake five-star reviews.”
On installing one of these supposedly free apps, you often see a one-off ‘free trial’ notification. It requests a credit card number to unlock the app. Even if you then uninstall the app, the billing starts once the trial ends, with some apps charging $30 a week for things like astrology or a barcode reader.
The Sophos report is here (it includes a list of known apps). It estimates that between 9 December and 2 March 2020 these apps have made between US$3.5-4.5 million.
Sophos says that publishers can introduce new fleeceware either by releasing new apps with the same subscription policies, or by illegally converting a previously free app into fleeceware by changing the app’s profile.
The offending apps are marketed heavily via in-app advertising or social media links.
Jagadeesh Chandraiah, senior security researcher at SophosLabs and the fleeceware report author, said:
“The main purpose of the iOS fleeceware apps we found seems to be severely overcharging users (as was the case with the Android apps discovered in 2019). App developers take advantage of monetisation practices widely used by legitimate free apps but take them one step further. For example, in the hands of the fleeceware app developers, short free trials followed by a monthly subscription soon add up to hundreds of dollars a year in charges.”
How to eliminate fleeceware
In iOS, go to Settings, tap your name and then tap Subscriptions.
If you don’t see the subscription, it either means it’s hiding under a different name (the usual case), or you have already managed to cancel it. Whatever you do, don’t uninstall the app until you have completed the first step.