Researchers have found more than 200 "fleeceware" apps in the Apple and Google Play app stores that bring in millions of dollars in fraudulent revenue for their developers.
Ever downloaded an app that promises a free subscription but then ends up saddling you with hefty charges? According to researchers at Avast who posted their results yesterday (March 24), this isn’t just a sporadic occurrence affecting a few users.
Rather, fleeceware is a scourge tearing through the app stores for the best Android phones and the best iPhones. Avast researchers listed 204 fleeceware apps totaling in excess of a billion downloads — yes, that’s a billion — and generating estimated revenue of more than $400 million.
"Fleeceware" refers to software that promises something for free, but then delivers hidden costly charges. Other types of nefarious apps such as adware or spyware infiltrate devices to generate ad-fraud revenue or pinch users’ data, but fleeceware is cunning in that it tempts users to download software before charging astronomical subscription fees.
It's also more or less legal, although clearly unethical. Subscriptions to many of these apps amount to hundreds of dollars per year, and Avast said the top annual fees can be more than $3,000.
There are various mechanics through which fleeceware tries to hook subscribers, not least through the lure of free trials, but most of these apps over-promise and under-deliver on their services.
These seemingly benign offers then lock users into a “recurring high subscription fee, generating substantial revenue for the developers,” according to the Avast report. “There’s also the possibility that users forget to cancel the free trial, resulting in more expensive fees.”
The water is further muddied by fake reviews that falsely bolster the legitimacy of the crooks’ apps.
“This tactic impairs a user's ability to make an informed decision about the application at hand,” said Avast.
Children, too, are affected, frequently downloading what appears to be an innocuous app with parents discovering the extortionate fees “weeks or months later” on their bank statements.
Furthermore, said Avast, "it appears that part of the fleeceware strategy is to target younger audiences through playful themes and catchy advertisements on popular social networks with promises of ‘free installation’ or ‘free to download’."
"By the time parents notice the weekly payments," the report added, "the fleeceware may have already extracted significant amounts of money."
A very lucrative business
Many of the apps offer horoscope or palm readers, simple photo filters, music-making effects or lessons, and PDF document scanners or QR code readers. Avast researchers found that the apps often pledged a three-day free trial before the subscription started.
Avast used estimates from app-industry analysts Sensor Tower to gauge the profitability of the apps. The Android apps have more than 500 million downloads, Sensor Tower estimated, and have earned about $38.5 million.
The iOS apps were even more lucrative. Although they also had been downloaded about 500 million times, their estimated revenue was nearly 10 times as much; Sensor Tower figured it at $365 million.
Sensor Tower told Avast that these apps "are actively advertising on major social networks such as Facebook, Instagram, Snapchat and TikTok."
We checked a few apps from both of Avast's lists, and all were still available for download at the time of this writing. Avast said it had notified Apple and Google of the apps and asked the companies to review them for violations of the app stores' terms of service.
If you've been bilked by a fleeceware app, your options for getting any money back are limited. Google and Apple are not responsible for reimbursing you after a set amount of time has passed.
Despite the fact that legitimate companies often refund exorbitant charges out of goodwill — such as when children run up huge credit card bills by buying in-game items — there's no obligation for companies to do so, and people may have to resort to getting their banks involved to process chargebacks.
Fleeceware is a very tricky affair. It's quite obviously very unethical, but it seems to occupy a legal grey area. It's also worth being mindful of the resilience of these apps, because many of them keep charging users' credit cards even after the apps have been deleted from users' phones.