Researchers at Sophos, a U.K.-based cybersecurity company, discovered a set of 25 fleeceware apps on the Play Store with more than 600 million installs. Some of these apps have close to 100 million installs, which can rival even the legitimate apps on the Google Play Store.
What is Fleeceware?
Fleeceware is a term introduced by researchers at Sophos Labs in September 2019. It has been named fleeceware due to its defining characteristic of overcharging users for functionality that’s widely available in free or low-cost apps.
All users signing up for an Android app’s trial period are required to cancel the trial version manually to avoid service continuation charges. However, most users just uninstall an app when they don’t like it. The majority of app developers interpret the action of uninstallation as a trial period cancelation and thus don’t charge the user for service continuation.
However, researchers discovered that some Android app developers intentionally didn’t cancel an app’s trial period when a user uninstalled the app. Obscene service continuation charges (between US$100 and US$240 per year) were debited from the users’ saved cards for the most basic and simplistic of apps, such as QR/barcode readers and calculators.
Jagadeesh Chandraiah, Sophos mobile malware analyst, said that he suspects the apps bought fake five-star reviews to boost their ranking on the Play Store and also used pay-per-install services to boost install counts to attract a large number of users.
Earlier, in December 2019, Tatyana Shishkova, an Android Malware Analyst from Kaspersky, discovered a few malicious adware apps on Google’s Play Store. Adware is a type of malware (malicious software) that displays unwanted advertisements on the user’s device. These ads generally take the form of a pop-up, at times without a Close Popup option. This form of malware is less serious than others but has a ton of nuisance value to it. Adware implementers can sell users’ browsing history and behavior to interested clients, which in turn could be used to target them with more customized ads as per their likes and dislikes.
Tatyana also found three hidden ad apps on the Play Store, which had close to 12,000 installs. Digital adverts are no longer used only to persuade the user to buy products; the information collected is also used to earn profit by selling it to interested third-party clients.