Sophos has an excellent team of security researchers, which has discovered a new set of “fleeceware” apps. Apparently, they have been downloaded and installed by more than 600 million Android users.
In case you don’t know, the term “fleeceware” was added to the cyber-security vocabulary only recently. It was coined by Sophos itself last September, after an investigation uncovered a new type of financial fraud happening on the official Google Play Store. The term refers to apps that abuse the ability of Android apps to run a trial period before payment is charged to the user’s account.
By default, all users who sign up for an Android app trial need to cancel it manually if they don’t want to be charged. But most users simply uninstall the app if they don’t like it. Most app developers treat this action as a trial period cancellation, which means that they do not charge users after they have uninstalled the app. However, last year, Sophos found out that some Android app developers did not cancel the trial period after the app was uninstalled and no specific cancellation request had been received from the user.
Sophos discovered 24 Android apps that were charging a lot, between $100 and $240 a year, for the simplest apps out there, such as a simple QR reader or a calculator. Sophos calls these apps “fleeceware.”
In a brand new report published yesterday, Sophos says it has discovered another wave of apps of this kind, which continued to abuse the trial scheme in order to charge people after they had uninstalled the app. All of these apps were installed by more than 600 million users.