Over $400 Million Earned by Fleeceware Apps in the App Store and Play Store
These applications are actively advertising on popular social media networks such as Facebook, Instagram, Snapchat and TikTok.
Avast researchers have recently discovered 204 fleeceware applications with over a billion downloads and over $400 million in revenue on the Apple App Store and Google Play Store.
To clarify, fleeceware refers to a mobile app that comes with excessive subscription fees. Most apps provide a short free trial so you can test the product before deciding on a monthly or yearly subscription. Fleeceware applications, on the other hand, take advantage of users who are not familiar with how subscriptions work on iOS or Android devices and charge higher fees.
These applications draw users into a free trial to “test” the app, after which they overcharge them through subscriptions that run as high as $3,432 per year.
Impacted users voicing their views about the extortionate app subscriptions.
In a blog post, the researchers explained:
“These applications generally have no unique functionality and are merely conduits for fleeceware scams. Avast has reported the fleeceware applications to both Apple and Google for review. (…) It appears that part of the fleeceware strategy is to target younger audiences through playful themes and catchy advertisements on popular social networks with promises of ‘free installation’ or ‘free to download’. By the time parents notice the weekly payments, the fleeceware may have already extracted significant amounts of money.”
According to them, the following app categories are most prone to fleeceware:
- Musical instrument apps
- Palm readers
- Image editors
- Camera filters
- Fortune tellers
- QR code and PDF readers
- Slime simulators
No fewer than 134 apps have been found on Apple’s iOS platform, with an estimated 500 million downloads and $365 million in projected revenue. On Google Play, 70 fleeceware apps have been discovered with 500 million downloads and a $38.5 million profit margin.
These applications are actively advertising on popular social media networks such as Facebook, Instagram, Snapchat, and TikTok. Because of the lucrative nature of the scheme, attackers are presumably investing large amounts of money to further propagate the apps on those platforms.
Avast researchers recommend that Apple and Google follow a few simple steps to combat fleeceware scams. First, the companies should change the way subscriptions work. If a user downloads a free app with a trial, then once that trial is over the store should send an alert asking whether the user wants to subscribe to the app, rather than start charging automatically.
Although both Apple and Google already alert users when they try to remove a subscribed app, a more efficient solution is to provide them with a more visible pop-up when they do so.
While the companies may choose to offer a refund as a goodwill gesture in some cases, neither Google nor Apple is responsible for refunds after a certain time period. As such, victims should try to contact developers directly or request a bank chargeback.
Although both companies warn of active subscriptions when an app is deleted, Avast says “it’s evident that fleeceware apps continue to bring in revenue.”