Researchers Discovered 32 iOS 'Fleeceware' Taking Advantage Of Careless Users


There are good apps and bad apps. But there are also good apps that can turn bad when their time comes.

In the past, there have been warnings about the risks of Android "fleeceware" apps on the Google Play Store. These apps look legitimate at first, offering users a free trial before they have to pay. Once the trial is over, however, users are charged a subscription at an exorbitant rate.

Many Android users fell for the scheme, and apparently, iOS users too.

Researchers from security software and hardware company Sophos found that there are 32 iOS apps on Apple's App Store that offer a range of trivial services, but have been found to charge as much as $500 per year “via obscene weekly subscriptions that users are easily locked into without realizing.”

Sophos treats this practice as abusive enough to deserve its own label, "fleeceware", rather than calling it malware outright: the apps themselves carry no malicious code, and the harm is done entirely through the billing.

Apple's App Store is considered a more secure place than Google's Play Store. But these fleeceware apps are apparently among the highest revenue earners on the App Store, with some having more than 3.5 million installs.

"Many of these apps," Sophos explained on its report, "charge subscription rates like $30 per month or $9 per week after a 3- or 7-day trial period. If someone kept paying that subscription for a year, it would cost $360 or $468, respectively."

Apple has strict rules in place that app developers are required to adhere to. While there is nothing inherently wrong with putting a high price on an app, Sophos questions whether the apps in question "have any extraordinary features that aren't already present in many other apps, including truly free apps."

Apple's own App Store Review Guidelines state that "if you offer an auto-renewing subscription, you must provide ongoing value to the customer," and caution that "apps that attempt to scam users will be removed from the App Store."

Given that many fleeceware apps are marketed as 'free' apps on the App Store, it's easy to see how users can be tricked into downloading them and inadvertently subscribing.

The full list of the 32 fleeceware iOS apps disclosed by Sophos. (Credit: Mozilla)

The trick the fleeceware apps use is luring users to download their 'free' apps in order to activate the trial period.

But before users can use the app, the developers ask for payment details upfront, ostensibly for convenience should the user decide to keep using the app. If users enter their payment details and overlook the ridiculous price of the subscription, they will be charged that amount as soon as the trial ends.

Users apparently tend to forget which app is which, and may assume that deleting the 'fleeceware' app before the trial period ends is enough to stop the charges.

Here, the developers take advantage of how Apple's subscription model works.

As on Android, deleting an app does not cancel its subscription. Users must cancel the subscription explicitly (on iOS, under the Subscriptions section of their Apple ID settings) before the trial period ends. If they don't, the subscription stays active and they keep paying whether or not the app is still installed.

Fleeceware apps behave much like other fraudulent apps.

They rely on heavy marketing and advertising on social media networks, and they come with plenty of reviews and star ratings, all designed to lure people into trusting them. And here, the supposedly more secure Apple ecosystem also seems to fail at policing this kind of fraudulent app.

Sophos advises users to stay alert and check the details of any app, including the actual subscription price and billing period, before subscribing to anything. In addition, users should review their existing subscriptions and cancel anything they don't remember subscribing to or using.

Published: 
11/04/2020