Australian smartphone users have been the biggest victims of any country for a new breed of malicious software costing the nation millions of dollars through hidden fees within apps. According to global online security company Avast, Australia’s 10 million downloads of fleeceware apps were the highest of any country in the Apple App Store and Google PlayStore – costing the government $9.9m.
Fleeceware is designed to severely overcharge users for mobile apps providing simple functions that are free or cheap in other apps. Fleeceware app developers take advantage of users by offering short, free trial periods. If a user who downloads and installs a fleece is app has not uninstalled it and unsubscribed in their subscription settings before the trial ends, the app developer begins to charge the user exorbitant fees.
In the Apple App Store, there are 25 fleece apps with hidden or disguised fees of $500 or more a year. The top offender is “Flame”, a dating app that while disclosing its annual payment of $119.99 can max out at almost $780 a year. A range of apps – from ‘” Nebula: Horoscope and Astrology” to “Factory: Face Yoga and Exercise” – have annual subscriptions of $29.99 but can max out almost $520 a year.
In some cases, users can be charged as much as $66 per week, totalling $3432 a year. Most of the applications Avast discovered ranged from $4 to $12 a week or between $208 and $624 per year. A list of fleeceware apps in the Apple App Store can be found here, while a list of those in the Google PlayStore can be found here.
Avast security experts have reported 200 fleece are applications to both Apple and Google for review. An estimated one billion downloads of fiber are apps globally have accrued more than $400m in revenue for developers. Fleeceware applications are actively advertised on major social networks such as Facebook, Instagram, Snapchat and TikTok.
Avast threat analyst Jakub Vávr said the majority of users would not download fleece are apps that posed as cheap, everyday apps if they knew the whopping fees involved. “The fleece is applications we’ve discovered consist predominantly of musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and slime simulators,” Mr. Vávr said.
“While the applications generally fulfil their intended purpose, it is unlikely that a user would knowingly want to pay such a significant recurring fee for these applications, especially when there are cheaper or even free alternatives on the market.” Mr Vávr also said younger users whose parents paid for their smartphones were easy targets.
“It appears that part of the fleece is strategy is to target younger audiences through playful themes and catchy advertisements on popular social networks with promises of ‘free installation’ or’ free to download’,” he said. “By the time parents notice the weekly payments, the fleece may have already extracted significant amounts of money.” Avast security experts recommended users avoid fleece are apps by being careful with free trials of less than a week, reading the fine print carefully within each app, and securing their payments.