“Fleeceware” – What is It, and What’s the Risk?

Reading Time: 4 minutes

It’s likely accurate to say that most people put a lot more priority on security measures for their desktops or notebooks than they do for their phones. While it is true that most mobile operating systems will have anti-virus features to some extent, it’s becoming increasingly clear that nowadays that’s not going to be sufficient much of the time.

Incidences of phones become infected with malware are increasingly common, and there’s going to be very few people who aren’t familiar with that term.

However, one newer variety of ‘ware’ that isn’t going to be as universally well known as malware is going to the subject our post here today. Here at 4GoodHosting, we may a quality Canadian web hosting provider but our higher level of web-savviness doesn’t make us any less at risk of these bugs messing with our mobile devices than the rest of the average citizenry is. The difference is we’re in a position to always be made aware of new threats that come along, whereas most of your likely aren’t.

That’s why we always make a point to share these types of information. Who wouldn’t be especially displeased to find out their phone has been compromised, so here it is – a discussion about the newest type of malware to arrive onto the scene – what exactly is ‘fleeceware’, and what can we do about it?

Perils of Free Trial Periods

Before we discuss this new type of malware, iPhone users can breathe easier and then see themselves out. Fleeceware is making victims out of Android users exclusively, at least for now, and it’s de facto delivery method is actually through the Google Play Store. Obviously this is one of the most visited digital storefronts in the world, if a recent research survey is to be believed then these Fleeceware apps have been unwittingly downloaded and installed by over 600 million Android users after making purchases through Google Play.

Now for those of you who don’t have the most expansive vocabulary, fleece – when used as a verb – is ‘to strip of money or property by fraud or extortion’ (credit to the good folks behind Merriam-Webster’ excellent online dictionary). So that gives you an idea of what’s going on here with this.

It was last September when this term was coined, after it was discovered a new type of financial fraud taking place on the Google Play Store. The term itself refers to apps that abuse the ability to offer trial periods to users before their accounts are charged. But of particular caution here is when a person signs up for an Android app’s ‘trial period’. If this is something you’re considering, be forewarned that you really need to proceed with caution.

How it Happens

Here’s how this plays out, both nefariously and all too discreetly; When a user signs up for an Android app trial period, they must manually cancel the trial to avoid being charged. Most users choose instead to uninstall apps they don’t like, and most app developers take this as an indication they wish to cancel the trial period without being charged.

It was only recently that it was discovered that some app developers made no such cancellations to an Android app’s trial period after it was uninstalled. Rather, they kept charging them in spite of the fact that they were no longer using the app.

They were ‘fleecing’ these former free trial-period users, and doing so in a way that didn’t allow these individuals any way of knowing they were still ‘on the hook’ for the app even though they’d deleted it from their devices before the free trial period ended.

More Than a Few Fleeceware Apps

Industry watchdogs discovered 24 Android apps that were charging high fees, ones that were between $100 and $240 on average per year, for simple apps such as QR readers and calculators. And again, after their trial periods hand ended and independent of whether or not the person had deleted the app from their phone

Plus, it’s also been revealed that another set of Android fleeceware apps have been unwittingly downloaded by people through the Google Play Store with no reason for them to be suspicious. The good news is that many of these dark-sided apps have telltale signs that indicate a possible fleeceware app.

  • Unprofessional design and ‘cheap’ appearance and / or UI (user interface)
  • Abnormal number of 4 or 5-star reviews that do not have any commentary attached to them, or very little and vague wording (aka ‘sockpuppet reviews’)

The industry consensus seems to be that while fleeceware apps are being scrutinized and put in the public spotlight more, there’s still less focus on them as compared to ‘debilitating’ types of malware that affect the function of the device more directly. It’s a problem that Google will have to deal with for their Play Store, and it would be nice to seem them move more quickly in response to this.

What can you do to protect yourself? For starters, and quite basically, you should think twice about signing up for any trial period, and especially for any app that meets the criteria listed above for possible fleeceware ones. Next, be sure to actually cancel any trial periods rather than opting to simply delete the app.

More and more folks are choosing an anti-malware software for use with their mobile devices, and it’s really a smart call these days. Here’s hoping all of you who frequent the Google Play Store are more informed when it comes to shopping safely these days.

Post Navigation