A total of 23 misleading Android apps containing dangerous ‘fleeceware’ have been discovered by cybersecurity specialists, who are now urging users to immediately delete them.
Experts at IT security company Sophos have warned that the apps could scam users out of thousands of pounds if they remain on their phones. The news comes after Google released new app developer policies in June.
How have the scam apps gone undetected?
The 23 apps have found loopholes in Google Play Store’s new policies and are using a variety of methods to fleece unsuspecting customers out of their money.
Researcher Jagadeesh Chandraiah wrote in a blog post that Google’s new policies were not adequate and left opportunities for app developers to violate the rules without raising the alarm.
He wrote, “In June, Google updated its developer policies, adding new directives to how apps must inform consumers about the true terms and cost of subscription-based apps licensed through the Android Play Store.
“These changes address some of the issues that characterise apps we refer to as fleeceware.
“The new Google-issued rules are designed to address some forms of deceptive marketing display copy, but they also have some loopholes that permit other behaviour some might consider unscrupulous.”
The full list of the 23 dangerous apps
If you have any of the following apps downloaded on your phone, it is highly recommended that you unsubscribe and delete them immediately.
The ‘blind subscription’
One method apps employ to scam users is known as the ‘blind subscription’ or ‘blind sub’ tactic.
For example, one such app entices users to download it with the promise of a free trial, yet it fails to mention the full details of the subscription. The subscription process has been whittled down to the simple press of a button labelled ‘Try FOR Free’ or ‘Start Free’.
Users who have downloaded this app are not made aware of the duration of the ‘free trial’ or how much they are being charged once this ‘trial’ ends.
Chandraiah added, “According to Google, ‘the offer emphasizes the free trial, and users may not understand that they will automatically be charged at the end of the trial.’ Publishers aren’t allowed to do this anymore, but some still try.”
What other tactics are used?
Another method that these apps employ is described by Sophos with a play on the word ‘camouflaging’.
The word ‘Termoflauging’ describes the way some apps hide their terms and conditions from users by slyly rendering them in impossibly small text, in font colours that blend into the colour of the app’s background.
These apps technically display the full subscription details, but because the text is hard or impossible to read, they can sometimes go undetected.
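As an added illustration (not code from Sophos or from the apps named above), the check below is a simple review heuristic for ‘termoflauged’ terms: it flags any on-screen text that talks about subscriptions, trials or renewals when it is rendered below an assumed minimum size or below an assumed minimum foreground/background contrast ratio. The `TextView` records, thresholds and keyword list are constructed assumptions for the example, and the contrast ratio uses the WCAG relative-luminance formula.

```python
# Added example: flag subscription-terms text that is too small or too faint to read.
# The layout records, thresholds and keywords below are constructed for this example.
from dataclasses import dataclass

MIN_SIZE_SP = 10.0     # assumed smallest readable text size, in scaled pixels
MIN_CONTRAST = 3.0     # assumed minimum acceptable contrast ratio (fg vs. bg)
TERMS_KEYWORDS = ("subscription", "per week", "per month", "per year",
                  "renew", "trial", "charged")

@dataclass
class TextView:
    name: str
    text: str
    size_sp: float
    fg: str   # text colour as "#RRGGBB"
    bg: str   # background colour as "#RRGGBB"

def _linear(channel: int) -> float:
    """sRGB channel (0-255) to linear light, per the WCAG luminance definition."""
    c = channel / 255
    return c / 12.92 if c <= 0.03928 else ((c + 0.055) / 1.055) ** 2.4

def luminance(hex_colour: str) -> float:
    h = hex_colour.lstrip("#")
    r, g, b = (int(h[i:i + 2], 16) for i in (0, 2, 4))
    return 0.2126 * _linear(r) + 0.7152 * _linear(g) + 0.0722 * _linear(b)

def contrast_ratio(fg: str, bg: str) -> float:
    """WCAG contrast ratio, always >= 1.0 (21.0 for black on white)."""
    hi, lo = sorted((luminance(fg), luminance(bg)), reverse=True)
    return (hi + 0.05) / (lo + 0.05)

def looks_like_terms(text: str) -> bool:
    t = text.lower()
    return any(k in t for k in TERMS_KEYWORDS)

def audit(views):
    """Return [(view name, [reasons])] for terms text that is hard to read."""
    findings = []
    for v in views:
        if not looks_like_terms(v.text):
            continue
        reasons = []
        if v.size_sp < MIN_SIZE_SP:
            reasons.append(f"text size {v.size_sp}sp below {MIN_SIZE_SP}sp")
        ratio = contrast_ratio(v.fg, v.bg)
        if ratio < MIN_CONTRAST:
            reasons.append(f"contrast {ratio:.2f}:1 below {MIN_CONTRAST}:1")
        if reasons:
            findings.append((v.name, reasons))
    return findings

def sample_views():
    """Constructed screen: a big 'Start Free' button and near-invisible terms text."""
    return [
        TextView("start_button", "Start Free", 18.0, "#FFFFFF", "#2962FF"),
        TextView("terms_footer", "Auto-renews at 8.99 per week after trial",
                 5.0, "#F2F2F2", "#FFFFFF"),
        TextView("price_line", "Subscription renews at 8.99 per week", 14.0,
                 "#000000", "#FFFFFF"),
    ]
```

Running `audit(sample_views())` reports only `terms_footer`, for both its size and its contrast; the readable `price_line` passes even though it carries the same terms.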
What is Google doing about these apps?
According to Sophos, despite the new developer policies going live two months ago, some app developers still hadn’t properly implemented Google’s policy changes in their apps, and Google has not been quick to remove the apps that continue to violate its policy terms.
Chandraiah said, “Some of the app publishers subsequently released policy-compliant apps, but Google removed a few from the Play Store, too.”