Security firm finds sketchy ‘fleeceware’ apps in iOS App Store

The App Store may not always be impervious to "Fleeceware."
Photo: Apple

A cyber-security firm in the United Kingdom has identified 32 iOS apps that it dubs “fleeceware” for subscriptions and in-app fees that amount to a form of online fraud.

More than 3.5 million iOS users installed the apps, most of which were image editors, QR and barcode scanners, horoscope and fortune-telling apps and face filters for selfies. Two astrology apps on the list rank among the top 20 top-grossing iPhone apps in the UK.

Some charge subscription rates as high as $30 a month once a short, free trial period expires. In all cases, both the quality and the utility of the apps were dubious, Sophos Labs concluded in its review of the iOS App Store.

“Many of these apps lack any extraordinary features that aren’t already present in many other apps, including truly free apps,” Sophos researcher Jagadeesh Chandraiah wrote on the company blog this week. “It’s debatable that the apps provide ‘ongoing value to the customer,’ as required in Apple’s App Store Review Guidelines for app subscriptions.”

‘Fleeceware’ apps and developer guidelines

Apple declined to comment but referred Cult of Mac to passages in the App Store guidelines for developers that forbid subscriptions and in-app purchases that are clear ripoffs.

The guidelines read: Apps that attempt to scam users will be removed from the App Store. This includes apps that attempt to trick users into purchasing a subscription under false pretenses or engage in bait-and-switch and scam practices. Apps should never prey on users or attempt to rip-off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app.

A Sophos Labs investigation last year into suspected “fleeceware” apps in the Google Play Store turned up more than 50. This time, the firm wanted to see whether such apps were getting through Apple’s application rigor.

How do iPhone users get sucked in by these apps? Chandraiah said “fleeceware” apps are discovered through advertising running on various social media sites, like YouTube, TikTok or Instagram.

“If you find yourself wondering why users would even consider installing apps such as these, it’s probably thanks to advertising,” Chandraiah said. “(The) app presents you with a ‘free trial’ notification immediately upon launching the app for the first time. This notification prompts the user to provide payment card details. Most of the useful features of the apps will only be usable if you sign up for the subscription. Some users may sign up to subscribe without reading the fine print, which includes the actual cost of the subscriptions.”

He said a number of these apps were topped with several suspicious four- and five-star reviews. Further down, the reviews turn sour as people share the surprise charges on their account.

One review described a dad checking his daughter’s phone to find an app that charged $9.95 per week – and a bill for more than $184.

Unsubscribe from your ‘fleeceware’ apps

Sophos Labs recommends routinely checking apps with subscriptions to make sure you’re not being gouged.

If you suspect you have a “fleeceware” app on your iPhone and want to cancel it, open Settings, tap your name and then tap Subscriptions. Find the subscription you want to end and tap Cancel Subscription.

If you don’t see Subscriptions in Settings, go to iTunes or the App Store instead. Tap on your Apple ID, then tap View Apple ID. Once you sign in, you can scroll down to Subscriptions.

To see the list of apps Sophos Labs identified, scroll down to the bottom of the post on the company’s blog.

The 32 apps generated $4.5 million. Apple gets a 30 percent cut on each app during the first year and 15 percent afterward.

Source: ZDNet