Beware of Mobile Phone “Fleeceware” Apps

By Avalon Siegel
May 20, 2021
5 min

Amongst the many useful mobile phone applications, there is also a class of apps that are defrauding customers by failing to deliver on their promises and overcharging them with expensive fees. Often for services that are widely available for free or at low cost elsewhere online.

The fleeceware business model

Sophos was the first to coin the term fleeceware because the apps themselves aren’t engaging in any kind of traditionally malicious activity, they skirt the rules that would otherwise make it easy for Google to justify removing them from the Play Market. Their developers also seem to be very good at staying under the radar from security vendors. Even so, there are other characteristics of these apps that make them less-than-desirable.

Fleeceware is tricky, they don’t steal your data or try to take over your device, meaning there’s nothing malware-like for Google and Apple’s vetting process to catch. Instead, these scams hinge on apps that work as advertised but come with hidden, excessive subscription fees.

But wait, how can I spot Fleeceware?

These applications are, fundamentally, simple, there’s typically nothing malicious in the code. We’ve observed tools like QR or barcode readers, calculators, tools to make animated GIFs, or photo editors. In most cases, there are free alternatives from well known vendors already available on the Play Market.

These fleeceware apps tend to have these aspects in common:

Reviews – They have over-enthusiastic reviews that all sound similar (and are fake).
Free Trials with a catch – They offer an initial free trial (typically 7 days), then begin charging high amounts compared to legitimate apps offering the same types of features. These charges are often up to ten times the cost of reputable apps.
Fake VPNs- one category of “fleeceware” apps are marketed as Virtual Private Networks (VPNs). In contrast to legitimate VPN apps, the “fleeceware” variety have been found to be faulty or fraudulent. Once the client realizes and tries to cancel, they then dupe clients with charge fees many times higher than the genuine ones.

⚠️ Avoid them at all costs ⚠️

To avoid these rogue apps, mobile owners need to exercise caution and consult trusted advice before purchasing and installing apps on their mobiles.

Avast, a company dedicated to security, has sounded the alarm and has published a list of 204 applications that use these practices, both in the Apple App Store and in the Google Play Store. In this list, you can check the name of the application and the prices they ask for the subscriptions, as well as the estimated downloads over time.

As they say, it’s better to be safe than sorry.