In a blog post, Sophos researchers revealed that they found at least 23 fleeceware applications on the Google Play Store luring Android users into paying exorbitant subscription fees. In January of this year, Sophos discovered 25 Android applications with approximately 600 million downloads fleecing Android users on the Google Play Store. In June, Google updated its developer policies with new directives on how applications must inform users about the true terms and cost of paid applications licensed via the Google Play Store. Although the policy has been in place for nearly two months, Sophos researchers were able to find some app developers who had not completely implemented the new rules in their applications. The researchers also said that in the course of their new research, they found developers using misleading language in their applications to overcharge users on the Play Store.
They found some developers luring customers into a ‘rabbit hole.’ Fleeceware creators use a ‘blind subscription’ model in which applications prompt users to immediately start a subscription using ‘Start Free’ or ‘Try For Free’ buttons. Those apps do not display full billing details. Google said that the offer emphasizes the free trial, and consumers might not understand that the apps will automatically charge them once the free trial ends. Although publishers are not allowed to do this, some developers still try.
Some applications were also found to use a ‘spam subscription’ model. When the user signs up, they find themselves subscribed to many different applications. Sometimes, users unknowingly subscribe to apps and spend hundreds of dollars, researcher Jagadeesh Chandraiah wrote in a blog post on August 19.
Some developers were also found using the fine print of their terms and conditions to trick people visually and charge them massive subscription fees. Chandraiah also wrote in the blog post that, while not exclusive to fleeceware apps, some applications that charge subscription fees still show the cost or important terms in grey font on a white background.
The Google Play Store policies for subscription-based applications restrict several behaviors; however, these policies do not restrict how much app subscriptions may cost. In the US, the upper limit on how much an app can charge is $400; however, Chandraiah wrote that this rule does not specify the duration of that subscription.
On the other hand, Apple has a guideline under which it can reject expensive applications that try to cheat consumers with irrationally high costs. When Sophos reported those expensive applications to Google, a spokesman replied that subscription fees are set at the discretion of developers.
In our investigation we found that 7 out of those 2 Fleeceware apps are no longer available in the Play Store; probably Google has taken some action against those developers. While analyzing the remaining 16 apps and publishers, we found that most of them are manipulating users by publishing fake reviews from a lot of fake profiles to make their products and listings look genuine. We'd advise Android users to avoid installing these apps on their smartphone, or if you already have one, be sure to remove it from your device as soon as possible to stay on the safe side.
Here's the list of those 17 Fleeceware apps you should beware of:
Recover deleted photos, Photo backup (1,000,000+ installs)
Compress Video: Video Cutter - Audio Extractor (1,000,000+ installs)
Gametris Wallpaper (1,000,000+ installs)
Dynamic Wallpaper (1,000,000+ installs)
Old Me-Simulate Old Face (1,000,000+ installs)
Video Magician (1,000,000+ installs)
Futurescope (1,000,000+ installs)
Fontmoji (1,000,000+ installs)
Photo Converter: File Converter & JPEG Converter (500,000+ installs)
Search by Image: Image Search - Smart Search (500,000+ installs)
My Replica 2: Ethnic Origin, Celebrity Look-Alike (500,000+ installs)
Zynoa Wallpaper (100,000+ installs)
Montage - Help you make cool videos (100,000+ installs)
Fake Text Message-Prank text app (100,000+ installs)
Xstar: Sleep and Mindfu (100,000+ installs)
Prank Call:Fake celebrity call-Ownage Pranks App (10,000+ installs)