Android smartphone owners need to be on alert for a slew of costly new scam apps (Image: GETTY • GOOGLE )
Security researchers at Sophos have uncovered a slew of new Android apps that smartphone owners need to avoid like the plague. Categorised as “fleeceware”, the new apps are designed to abuse the ability for apps to begin charging users a subscription fee after a trial to test the service.
As it stands, Android app users have to cancel the trial period manually to avoid being charged for the full subscription. However, the vast majority of users simply uninstall an app when they’re not interested – or want to avoid moving to a subscription. Some might’ve forgotten that they’d even signed up for a trial subscription within the apps when they remove them from their Android smartphones or tablets.
The vast majority of apps developers interpret an uninstall as a signal that users don’t want to continue with the subscription – and cancel the upcoming charges. However, a number of Android developers are deliberately ignoring this signal as a way to generate quick revenue from smartphone owners. Abingdon-based —— initially unearthed 24 Android apps that were charging between $100 and $200 a year subscriptions for the most basic features – calculators (Google includes one on every Android phone) or QR code readers (also built into the Android operating system by default) to make a quick buck from users.——Dubbed “fleeceware”, Sophos has sniffed-out 25 more apps that fall into the category. More than 600 million Android users have downloaded these apps, according to the statistics provided by the Play Store on each. Sophos security researcher Jagadeesh Candraiah believes this is pretty high, likely inflated by a pay-per-install service to boost the numbers and trick more Android users into believing the app is legitimate – and installing it on their hardware.——The apps are:—— | 500,000+ Installs—— | 100,000+ Installs—— | 5,000,000+ Installs—— | 100,000+ Installs—— | 5,000,000+ Installs—— | 50,000,000+ Installs—— | 100,000,000+ Installs—— | 100,000,000+ Installs—— | 100,000,000+ Installs—— | 5,000,000+ Installs—— | 10,000,000+ Installs—— | 100,000,000+ Installs—— | 1,000,000+ Installs—— | 100,000,000+ Installs—— | 10,000,000+ Installs—— | 5,000,000+ Installs—— | 5,000,000+ Installs—— | 100,000+ Installs—— | 5,000,000+ Installs—— | 10,000,000+ Installs—— | 10,000+ Installs
Deleting the apps will not stop them charging you every week, month or year (Image: SOPHOS)
One of these – GO Keyboard Lite – has a history of nefarious behaviour. Back in 2017, the keyboard replacement was caught red-handed sending back the text users were typing into their apps (from messages to loved ones, to inputing passwords) to servers in China. And now, it’s jumped onto the “fleeceware” bandwagon to start charging an annual subscription fee of $59.99 (£45) to anyone who forgets to cancel the subscription after installing the app.
Of the apps discovered by Sophos, the greediest is undoubtedly Photo Recovery & Video Recovery, which signs-up users to a $199.99 (£153) annual fee as soon as the trial ends. Meanwhile, Fortunemirror could end-up costing you the most overall, thanks to its eye-watering $69.99 (£55) per week subscription.
The scam isn't technically against the rules of the Play Store, many legitimate apps use these techniques (Image: SOPHOS)
Sophos has provided some nifty tips to make sure you never fall fowl of this type of scam in the future. According to the security-focused company, “It pays to treat apps like these with suspicion. Read reviews before you install the app; Keep in mind that app publishers might also be manipulating reviews by filling them with five-star ratings that don’t tell you much.”
Salamat dito teh. Buti nalang diko pinipindot yung mga trial 1month sa mga apps. Hahahaha