Fleeceware found in Apple App Store
First malware, then adware and now fleeceware.

Sophos has found more than 30 fleeceware apps in the Official App Store. These apps raid your sheepy-bank and charge outrageous weekly or monthly subscriptions that users are not aware of.
Sophos says these include apps like image editors, horoscope/fortune-telling/palm readers, QR code/barcode scanners, and face filter apps for adding silly tweaks to selfies.

“Fleeceware apps are not officially malicious, but they are unethical. They prey on consumer trust with devious techniques designed to make money. They encourage unsuspecting users to install them through aggressive online advertising and fake five-star reviews.”

On installation of these supposedly free apps, you often see a one-off ‘free trial’ notification. It requests a credit card number to unlock the app. Even if you then uninstall the app, the billing still starts, with some charging $30 a week for things like astrology or a barcode reader.

The Sophos report is here (it includes a list of known apps). It estimates that between 9 December and 2 March 2020 these apps have made between US$3.5-4.5 million.

Sophos says that app publishers can introduce new fleeceware apps either by releasing new apps with the same subscription policies, or by illegally converting a previously free app into fleeceware by changing the app’s profile.

The offending apps are marketed heavily via in-app advertising or social media links.

Jagadeesh Chandraiah, senior security researcher at SophosLabs and the fleeceware report author, said:

“The main purpose of the iOS fleeceware apps we found seems to be severely overcharging users (as was the case with the Android apps discovered in 2019). App developers take advantage of monetisation practices widely used by legitimate free apps but take them one step further. For example, in the hands of the fleeceware app developers, short free trials followed by a monthly subscription soon add up to hundreds of dollars a year in charges.”

How to eliminate fleeceware

In iOS go to settings, tap your name and then tap subscriptions.

If you don’t see the subscription, it either means it’s hiding under a different name (the usual case), or you have managed to cancel it. Whatever you do, don’t uninstall the app until you have completed this first step and cancelled the subscription.

Or it may be hiding under iTunes and App Store. Tap your Apple ID and scroll down to Subscriptions.

Android users are not exempt from this new ‘ware’ and can reach their subscriptions via their Google Account: open the menu, then tap Subscriptions.

In normal circumstances, you can go to your bank and stop future payments. But these are apps you chose to install, so you can’t get money back for past subscriptions.

GadgetGuy’s take:

We are surprised that it does not steal your credit card details as well.

It’s easy money for cybercriminals and you have no right to a refund as you did not read the small print nor manage your subscription properly. It exploits millions of vulnerable users including kids.