How to protect yourself against fleeceware and hidden paid subscriptions

Many people automatically associate high price with some extraordinary quality. So, if they can try an expensive product free, even those who don’t plan to buy it suddenly become interested. And this is exactly what some smartphone app developers take advantage of!

Try something expensive that you don’t really need and end up paying hundreds of dollars!

In the past weeks, cybersecurity researchers have found a collection of calculators, QR code scanners, photo enhancers, and other programs with basic functionality on Google Play that were charging users up to €200 per month.
More surprising is the fact that the apps had been downloaded by tens of millions of people, if not more.
Users were promised a three-day trial period. Realizing that subscribing to such apps would be pointless, many users uninstalled them. But they were still charged.

Such apps are not malware!
None of these calculators and QR scanners violate the store’s rules, which is why they are allowed onto Google Play. Most of the time they perform their stated function, do not request unnecessary permissions, and do not contain malicious code. As for the subscription prices, no current rules would ban them from Google Play.
The good news is that when Google became aware of the issue, 14 of the 15 overcharging apps were removed from Google Play.

Fleeceware: A new name for an old trick
Such apps cannot be described as malware, so researchers started to call them fleeceware. However, despite the newness of the name, the ruse itself — the offer of a free trial period with a paid subscription hidden in the fine print — has been around for a while, and not only mobile developers exploit it.

For example, in 2011–2012 a group of wheeler-dealers distributed to women in Britain supposedly free skin cream samples that needed to be ordered online. When placing an order, users were automatically signed up for a monthly payment of £60–£70 (around $80–$90). This little detail appeared in the fine print, which few people bothered to read.

Fleeceware for iOS
This issue is not exclusive to Android; fleeceware apps have invaded iOS too. For example, an app called Mobile Protection: Clean & Security VPN was removed from the App Store. It had more than 50,000 users, a good part of whom ended up paying $400 per month.
Another example of iOS fleeceware was a QR code scanner. When launched, the app asked for payment details to sign up for a free trial period, and after three days it began to charge $3.99 per week.
After several such incidents, Apple began to remove the apps that do not adequately describe their subscription terms and conditions.
The good thing is that now, in iOS 13, a warning appears when an attempt is made to uninstall an app with an active subscription.

How to protect against fleeceware:
Start by being suspicious of anything that looks unusual, then make sure that you:
Do not download apps offering primitive features at exorbitant prices or by subscription.
Before installing an app, read reviews of both it and the developer.
If you sign up for a free trial period and do not plan to pay for the app in the future, make sure to unsubscribe.