What is fleece? Fleeceware is a mobile application that includes hidden and excessive subscription fees. These applications also take advantage of users who don't know how to cancel a subscription to continue billing them.
Avast, the world leader in digital security and privacy products, has discovered more than 200 new fleeceware applications on the Apple App Store and Google PlayStore. The apps have been downloaded about 1 billion times and have amassed over $ 400 million in revenue * so far. Avast reported the fleeceware applications to both Apple and Google for review.
These types of applications attract users by offering them a 3-day free trial, with an unusually high subscription fee. After the trial period ends, users are charged a recurring subscription fee, even if they have removed the app, until they cancel their subscription in the device's app store settings. One of the apps detected, for example, offers a short free trial followed by a subscription of $ 66 per week, which could cost the victim a total of $ 3.432 per year if not canceled. These stacked apps are actively advertised on major social networks like Facebook, Instagram, Snapchat, and TikTok *.
“The pile applications we discovered are mainly applications for musical instruments, hand readers, image editors, camera filters, psychics, QR and PDF code readers and 'slime simulators'. While applications generally serve their intended purpose, a user is unlikely to knowingly pay such a high recurring fee for these types of applications, especially considering that there are cheaper or even free alternatives on the market. ”Said Jakub Vávra, Avast Threat Analyst in his blog post.
“It seems part of fleeceware's strategy is to target a younger audience through funny topics and engaging ads on social media, promising them a 'free download'. By the time the parents realize the weekly payments, the pile may already have extracted large sums of money, “adds Vávra.
Avast researchers discovered Android's fleeceware applications via its mobile threat intelligence platform apklab.io and then expanded their investigation to Apple's App Store. Apps with their estimated downloads and dollar earnings can be found here * (Google Play Store) and here * (Apple App Store).
How to avoid fleece applications
As subscriptions are more and more frequent in app stores, users are advised to be careful when downloading and using apps. To avoid fleeceware, Avast recommends the following tips:
- Be careful with free trials of less than a week. Applications that offer free trials for very short periods should be treated with caution. It's important to make sure you understand how much your app will be charged and assess whether the heat of the app justifies the recurring fee.
- Skepticism of viral app ads. Pile advertisements are likely to have attractive messages and images to grab the attention of users. What's not that common is that they reflect the actual functionality of the application.
- Read the fine print. A closer look will likely reveal the app's true price. The details of the application should be read carefully, paying particular attention to the section «purchases in application». We recommend that you familiarize yourself with the terms of what you are subscribing to, even if it is a free trial, as there may be automatic charges thereafter.
- Secure payments. It is recommended to ensure that the payment methods used are protected by passwords or biometric security. This can also prevent accidental subscriptions by children.
* Source: Estimates and Ad Intelligence from Sensor Tower, a mobile app marketing intelligence and knowledge company