At least 24 Google Play Store apps, including a basic QR code scanner and a third-party calculator, charge users up to $240 for failing to cancel free trial periods, security researchers from Sophos Labs discovered.
In the report, spotted by ZDNet, Sophos researchers said certain Android app developers are exploiting the Play Market free trial period policy, which requires users to cancel their subscriptions directly with publishers.
While most apps will set you back a couple bucks if you forget to formally cancel, the developers identified by Sophos charge unsuspecting downloaders hundreds of dollars.
Researchers said the charges ranged between $100 and $240 for the simplest set of apps, like GIF makers, photo editors, calculators, and barcode readers.
This model, known as fleeceware, relies on users who think uninstalling an app cancels the trial period.
They “fail to understand the requirement that, in order to drop out of the trial, they have to explicitly tell the developer that they are cancelling the trial period,” the Sophos report said.
Reviews of these apps shed light on the massive charges users have seen. One reviewer gave a reverse-image-search app one star, writing “within a split second of opening it saw just how much they wanted to charge! £189.99!” (That's about $235 U.S.)
If the developers in question siphon hundreds of dollars from just a small percentage of users, they’ll make a significant sum, especially in the case of the apps here that have been downloaded millions of times.
The apps themselves aren’t malicious, according to Sophos, although FaceApp seems to be on its list, and we know about the privacy uproar the age-morphing phenomenon incited.
Since Sophos flagged these apps, Google has taken most of them down from the Play Store. But at the time of this writing, it appears that some of them are still active.
Apps with the package names "faceapp.facemystery.learnmoreaboutyourself" and "com.compasspro.gpscoordinates" are available for download. One GPS app reviewer wrote they were charged $265, and that Google hadn't addressed their complaint.
Google Play Store fleeceware: What you can do
Before engaging in an Android app’s free trial, take note of the expiration date. Add it to your calendar so you’re reminded when it’s time to take action. Notify the developer directly about your desire to cancel — simply uninstalling the app from your phone isn’t always enough.
Make a habit of reading reviews before downloading, especially for apps by independent developers. If you see that someone was overcharged, it could happen to you, too. And if it does, call your credit-card issuer and see if it can reverse the charges.