In brief: While malware-packed apps are usually, though not always, kept off Google’s and Apple’s stores, researchers have discovered hundreds of applications on these services that fall into another category, one that is potentially just as harmful: fleeceware.
For those unfamiliar with the term, fleeceware apps aren’t technically malware as they don’t contain malicious code, steal data, or attempt to hijack devices. This allows them to circumvent the Play Store and App Store vetting processes. What they do have, however, is obscenely high subscription fees, sometimes reaching over $3,000 per year.
Researchers at Avast have discovered a total of 204 fleeceware applications with over a billion downloads on the Apple App Store and Google Play Store. Their subscriptions have earned the developers more than $400 million in revenue.
Breaking those numbers down, 134 fleeceware apps were found on the Apple App Store. They’ve been downloaded an estimated 500 million times and brought in $365 million in revenue. The Google Play Store, meanwhile, has 70 fleeceware apps. While they’ve also been downloaded around 500 million times, their revenue is about ten percent of that on Apple’s platform: $38.5 million.
Most of these apps entice people into signing up by offering a three-day free trial. Once that ends, users are charged a high, recurring fee. The makers rely on people forgetting to cancel or assuming that uninstalling the app will stop the charges.
The apps are predominantly related to astrology, horoscopes, musical lessons, photo/filter software, QR/PDF scanners, and video editing. While they do tend to perform their primary functions, similar and usually better alternatives are available for free or at a low, one-off price. Most fleeceware charges users between $4 and $12 per week, though this can reach $66 per week in some cases, equalling $3,432 per year.
As they aren’t malware, the apps can advertise on social networks, making them appear more credible, especially to younger users.
Avast notes that Google and Apple aren’t responsible for subscription refunds after a specific period and redirect the victims to app developers. Reviews suggest the fleeceware devs either ignore complaints or claim users should have known about the subscription fees.