‘Fleeceware’ Play Store Apps Quietly Charging Up to $250

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Imagine an Android GIF-making app available on Google Play that automatically charges €214.99 ($253) to continue using it beyond its three-day trial period. Or how about a completely unremarkable QR code reader app, whose developer thinks that a charge of €104.99 is a fair price to continue using it 72 hours after it was downloaded. If you think these prices sound far-fetched, we have news – researchers at SophosLabs have discovered at least 15 apps which have been downloaded millions of times between them charging these extraordinary prices under Google’s nose. The most unexpected part of this discovery? By exploiting a loophole in the Play store licensing regime, this behaviour appears to be legal.

The scam works by exploiting the legitimate app behaviour of allowing users to download apps under a trial license period which, in this case, ends after a few days. There is nothing obviously malicious about the apps, which mostly work as advertised, albeit that their features are identical to advertising-supported apps that cost nothing. Importantly, the apps ask users to submit their payment details during the trial period, which most users probably assume won’t apply if they de-install the app. Because the huge annual subscription price is only mentioned in small print, users probably assume the cost will be a few dollars or euros. SophosLabs’ researchers discovered three apps charging €219.99 for full licenses, with another five charging €104.99, and one charging €114.99. One of these ‘fleeceware’ apps had more than 10 million downloads, two had 5 million, with the rest between 5,000 and 50,000.
 
