
More Than Half a Billion Android Users Have Installed 'Fleeceware' Apps (zdnet.com) 37

Security researchers from Sophos say they've discovered a new set of "fleeceware" apps that appear to have been downloaded and installed by more than 600 million Android users. From a report: The term fleeceware is a recent addition to the cyber-security jargon. It was coined by UK cyber-security firm Sophos last September following an investigation that discovered a new type of financial fraud on the official Google Play Store. It refers to apps that abuse the ability for Android apps to run trial periods before a payment is charged to the user's account. By default, all users who sign up for an Android app trial period, have to cancel the trial period manually to avoid being charged. However, most users just uninstall an app when they don't like it. The vast majority of app developers interpret this action -- a user uninstalling their app -- as a trial period cancelation and don't follow through with a charge. But last year, Sophos discovered that some Android app developers didn't cancel an app's trial period once the app is uninstalled and they don't receive a specific request from the user. Sophos said it initially discovered 24 Android apps that were charging obscene fees (between $100 and $240 per year) for the most basic and simplistic apps, such as QR/barcode readers and calculators.

  • by bobstreo ( 1320787 ) on Wednesday January 15, 2020 @12:33PM (#59623382)

    You have to wonder if there aren't Apple developers with similar leanings.

    The worst case is an uninstallable app that gets thrown onto a phone by the manufacturer, so you can't even delete it...

    • There are apps that do this in iOS, where they want $9 a week if you want no ads... and the ads last 2-3 minutes, and allow 5-10 seconds of gameplay. Facebook has also been having hundreds of places push banal iOS games (where the publisher name is a 64 character random hex string) as well.

      Historically, because the barrier to being an Apple app publisher has been higher than Android, coupled with Apple swinging the banhammer without mercy and being a zealous gatekeeper has kept the app store fairly clean.

      • Who the hell pays for that instead of just moving to the next app, particularly when there are a lot of more popular apps that don't have ads and are completely free to play (even though they're really pay to win) for the user?

        I think that with iOS the real predatory apps have been the ones aimed at getting small children to rack up hundreds or even thousands of dollars of in-app purchases after mommy or daddy thought they were getting a cheap babysitter for a few hours. There's still the grown-up versio
    • Apple has a Gated Community storefront where Application Developers have to go through often crazy hoops to get their program approved for the Apple Store, then they need to pay Apple a Cut on their profit. Makes it a harder way to trick users. Sure there are loopholes, but Google Open Store is also open to Bad actors.

      • I don't see how this makes it any harder. As long as they pay Apple their cut, they are free to charge whatever they like.

    • Yes. They do it through the subscription service. I read not long ago that a weather app was charging $8 dollars per week and all it was doing was displaying the same free weather info that the Apple weather app displayed. The apps talk about a free trial period, but they do not clearly indicate that the subscription has already been started. Users often forget to unsubscribe. Apple makes it rather difficult to unsubscribe to Services. I think this article is more or less a rehash of the one I read about Ap

    • The difference is the amount of money Apple makes. And if you're an Apple user and sending money to Apple, it's ok. It's what you do.
    • This absolutely happens on iOS. It happened to me with a QR code reader, but with Apple you get an e-mail saying you signed up for a subscription or something along those lines, so it was at least obvious what they were doing so I could cancel quickly. But in order to cancel you don't (and couldn't) cancel within the app; you have to cancel in some unusual place that shows your app store subscriptions.
    • In fact the snail mail versions pre-date mobile apps (and in some cases, computers).
      • Annual subscriptions with a clause requiring termination in writing during a 1 month window before the renewal date, but not earlier. The phone book companies were notorious for this. You'd pay for an ad in the yellow pages, which would automatically enroll you in an annual renewal. You don't notice much change in the amount of business so you decide the ad isn't working, and decide not to renew. Next year you notice th
  • Brought to you from???? I surrender. I promise that tomorrow I will return to the true phone and tablet OS and make a purchase of the sanctified iOS devices.
  • There's nothing new about this.

    I was a victim of this (on Android) at least 2 years ago. And I complained loudly and long.

    I found that the suppliers of an app I had "canceled" and "uninstalled" long before had been charging me each month. It was a relatively small amount so I didn't even know at first. But it really pissed me off that I was getting charged for something I wasn't using.

    The software company was recalcitrant, and I had to deal with "it is our policy..." BS for several calls and about
    • by Z00L00K ( 682162 )

      And this is why I have decided to never link any means of payment to my google account and stick to the free apps, even if some of them are a bit lobotomized.

      There are enough apps out there anyway, so it's not a big issue.

  • But last year, Sophos discovered that some Android app developers didn't cancel an app's trial period once the app is uninstalled

    Since when do you (as a developer) get notified by Google when an Android app gets uninstalled? Since Google knows you are uninstalling this app from your last device, Google is the one that charges the subscription, and Google's own store is where you cancel the subscription, how about Google takes some accountability in making sure you get notified that you can cancel your trial

  • I don't have a valid credit card or any payment info linked to my Play Store account -- with good reason.
  • Is this the technical equivalent of natural selection? I read this as "More Than Half a Billion Android Users Have Installed The New Shiny App Icon on Their Phone Without Knowing What It Really Is".

    Seriously, people are ignorant when it comes to personal security. This shit needs to be taught, along with personal financial, health and nutritional requirements in schools, and there should be free public education on these subjects for those out of school.

  • I have never understood how Google could be so unaware of how QR codes are marketed as a fundamental intrinsic part of a mobile phone, they work out of the box with the standard camera iOS app, and yet are one of the harder functionalities to get on an Android.
