Fleeceware apps installed by over 600m Play Store users


A new set of “fleeceware” apps has been discovered that appears to have been downloaded and installed by over 600m Android users, according to security researchers at Sophos.

The cybersecurity firm first coined the term fleeceware last September after it discovered a new type of financial fraud taking place on the Google Play Store. The term itself refers to apps that abuse the ability to offer trial periods to users before their accounts are charged.

When a user signs up for an Android app trial period, they have to manually cancel the trial to avoid being charged. Most users just uninstall apps they don't like and the majority of app developers take this as a sign that they wish to cancel the trial period without being charged.

However, last year Sophos discovered that some app developers didn't cancel an Android app's trial period after it was uninstalled and instead kept charging users despite the fact that they were no longer using the app.

Fleeceware apps

Sophos said that it initially discovered 24 Android apps that were charging high fees, between $100 and $240 per year, for simple apps such as QR readers and calculators after their trial periods ended.

In a recent report though, Sophos revealed that it had discovered another set of Android fleeceware apps that were installed by over 600m Android users. The company's Jagadesh Chandraiah explained how these fleeceware apps were able to become so popular on the Play Store in a blog post, saying:

“Some of these apps are very unprofessional looking. Based on past experience, it may have been the case that these app developers could have used a paid service to bloat their install counts and forge a large number of four- and five-star reviews. You can identify some of these falsified user review clusters if you scrutinize the recent 5 star reviews; one-to-three word, five star reviews have a propensity to be “sockpuppet” reviews.”
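The review check described in the quote can be sketched in code. This is an added example, not code from Sophos or from this article. The `Review` type, the 30-day window, the five-review minimum and the 60% threshold are assumptions chosen for illustration, and the sample reviews are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Review:  # hypothetical record type for one store review
    posted: date
    stars: int
    text: str


def short_five_star_share(reviews, today, window_days=30, max_words=3):
    """Return (share, n): the share of recent five-star reviews that are
    one to max_words words long, and the number of recent five-star reviews."""
    cutoff = today - timedelta(days=window_days)
    recent_five = [r for r in reviews if r.posted >= cutoff and r.stars == 5]
    if not recent_five:
        return 0.0, 0
    short = [r for r in recent_five if 1 <= len(r.text.split()) <= max_words]
    return len(short) / len(recent_five), len(recent_five)


def looks_padded(reviews, today, min_reviews=5, share_threshold=0.6):
    """Flag a listing for manual scrutiny; thresholds are assumed, not Sophos's."""
    share, n = short_five_star_share(reviews, today)
    return n >= min_reviews and share >= share_threshold


TODAY = date(2020, 1, 15)  # constructed reference date

# Constructed sample: mostly one-to-three word five-star reviews.
PADDED = [
    Review(date(2020, 1, 14), 5, "Great app"),
    Review(date(2020, 1, 14), 5, "Nice"),
    Review(date(2020, 1, 13), 5, "Very good app"),
    Review(date(2020, 1, 13), 5, "Love it"),
    Review(date(2020, 1, 12), 5, "Best"),
    Review(date(2020, 1, 12), 5, "Scans QR codes quickly and the history list is handy"),
    Review(date(2020, 1, 11), 1, "Charged after I uninstalled during the trial"),
    Review(date(2019, 10, 1), 5, "Good"),  # outside the 30-day window
]

# Constructed sample: five-star reviews that mostly describe actual use.
ORGANIC = [
    Review(date(2020, 1, 14), 5, "Works offline and exports results, exactly what I needed"),
    Review(date(2020, 1, 12), 5, "Great app"),
    Review(date(2020, 1, 10), 4, "Good but the ads are a bit much"),
    Review(date(2020, 1, 9), 5, "Simple calculator with a clear history view"),
    Review(date(2020, 1, 8), 5, "Does the job without asking for odd permissions"),
    Review(date(2020, 1, 5), 5, "Fast"),
    Review(date(2020, 1, 3), 5, "I use it daily at work for inventory labels"),
]
```

A high share is only a prompt to read the one- and two-star reviews before signing up for a trial; short genuine reviews exist, so the flag is not proof of forgery.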

Fleeceware apps remain a problem that Google will have to deal with on the Play Store, but to avoid falling victim to these scams, users are advised to think twice about signing up for a trial period, remember to cancel any trial periods they do sign up for, and check their Play Store payment history for any suspicious charges.

Via ZDNet

Anthony Spadafora
