Researchers have discovered hundreds of fleeceware mobile apps on Google Play and the Apple App Store that are earning their developers millions of dollars.
While stalkerware, spyware, and malvertising apps infect devices to spy, steal data, or bombard users with ads that generate fraudulent revenue, fleeceware apps lure handset owners into downloading software before charging them extortionate 'subscription' fees.
Users are often enticed with 'free' trials and then overcharged to use the app, with charges in some cases reaching upward of $3,000 per year.
Software subscriptions, such as for professional services, enterprise solutions, and creative platforms, can be expensive -- but unlike these legitimate offerings, there is generally nothing special about fleeceware.
Developers rake in the proceeds from their creations, and while the practice is not illegal, it can be hard for users to figure out how to escape subscription charges -- and it appears this method of generating app revenue continues to rise in popularity.
This week, Avast researchers said they have found a total of 204 fleeceware apps on both Apple's App Store and the Google Play Store.
A total of 134 apps have been found on Apple's iOS platform with an estimated 500 million downloads and projected revenues of $365 million.
When it comes to Google Play, 70 fleeceware apps have been discovered with 500 million downloads and a profit margin of $38.5 million for the time they have been active and available.
Predominant fleeceware app trends include astrology, horoscopes, photo and filter software, music lessons, cartoon creation, QR code/PDF document scanners, and video clip editing.
The majority of fleeceware apps examined by Avast offer a three-day trial before subscriptions begin.
"Once the trial is over, the user is charged a recurring high subscription fee, generating substantial revenue for the developers," the researchers say. "There's also the possibility that users forget to cancel the free trial, resulting in expensive fees."
These apps do generally provide the features they advertise, but if even a handful of users fail to notice subscription payments going out, this creates revenue far beyond what the software is likely to be worth.
Subscriptions are charged weekly or monthly, at anything from $4 to $66 a week.
Even if a user deletes the app after they notice outgoing payments, this does not mean their subscription stops -- which allows the developer to cash in further.
Google and Apple are not responsible for refunds after a certain time period, and while the companies may choose to refund as a goodwill gesture in some cases -- such as when children rack up huge bills through in-app purchases -- they are not obliged to do so. Therefore, the only options may be to try to contact developers directly or to request a bank chargeback.
Both companies warn of active subscriptions when an app is deleted, but Avast says "it's evident that fleeceware apps continue to bring in revenue."