Why it matters: Apple says it reviews well over 100,000 apps and app updates every week, of which only 60 percent make it through thanks to a strict vetting process. However, scam apps still manage to thrive on the App Store and generate a significant amount of revenue for both their developers and the Cupertino giant, which gets a commission on every sale.
Scam apps are nothing new, but Apple and Google have yet to develop a proper solution to prevent them from making it into their mobile app stores. The most recent estimate is that developers of fleeceware apps raked in $400 million from unsuspecting users in recent years.
Fleeceware apps do not fit the definition of malware as they don't take control of your device or steal any of your data. However, this is exactly what allows them to slip through the cracks in the Play Store and App Store review processes. It also doesn't help that some of these apps do include some useful functionality that helps them look legitimate.
Most fleeceware comes with a short free trial period, after which users are charged a recurring fee that can add up to a high amount over time. The reason this scheme works so well is that people usually either forget to cancel those subscriptions or simply assume that uninstalling the offending apps will automatically end the corresponding subscriptions.
Google's Play Store is known to have a less strict app vetting process, but fleeceware can also make its way into Apple's App Store. Apple is usually quick to tout the benefits of an app store governed by more stringent rules and has even added a feature for reporting scam apps. Still, fleeceware developers have been taking advantage of the free trial mechanism of the App Store and continue to do so today.
According to a report from VPNCheck, no fewer than 84 fraudulent iOS apps still thrive a year after being discovered by security firm Avast. Together, these apps make over $100 million in annual revenue if we go by SensorTower figures.
This means that over half of the most prominent fleeceware apps are still active and sometimes even get featured in the top paid apps list. Last month, 7.2 million people downloaded one or more of these, generating revenue of over $8 million in just a few weeks. And this doesn't take into account other apps like AmpMe and StringVPN that have been able to fly under the radar for years.
To put things in context, the App Store generates around $60 billion per year in sales. Apple makes a commission on every sale (between 15 and 30 percent), which has been the subject of hot debate and legal action in recent years. Fleeceware may only represent a small portion of the overall sales, but the Cupertino giant does get a cut of that, too.
It also doesn't help that fleeceware blends very well among normal apps, thanks in no small part to a flood of positive reviews that are generated when the offending apps first hit the App Store as freeware. Developers then add the subscription as a requirement for continued use beyond a limited free trial period (usually a few days). However, users who wish to cancel find it difficult to do so and usually need to freeze payments from their bank account to solve the issue.
When zooming out from the grim picture of fleeceware, we find the App Store is host to several gambling apps posing as kids' games, as well as apps that can scam users out of their cryptocurrency investments by posing as "official" apps for services that don't have one. Millions of teens looking for "alternatives" to big social media apps get drawn to apps like NGL, which use bots to generate engagement and convince users to part with money for seemingly broken "premium" features.
Some governments are working on regulations to enforce a so-called "code of practice" for better app store security, but progress on that front has been slow. The only solution at hand for consumers is to research any app they're tempted to download. Furthermore, they should look for any free alternatives or paid apps that only require a one-time payment to access their full feature set.