Researchers Find Malicious Apps Perpetrating Financial Fraud on Google Play Store

More than 600 million users installed Android 'fleeceware' apps from the Play Store https://t.co/AZylNt0okH

— ZDNet (@ZDNet) January 16, 2020

Cybersecurity experts at SophosLabs reported the activity, having noticed a set of apps that contain fleeceware and could be used to exploit users.

Uninstalling Apps on Google Play Isn’t Enough Anymore

Fleeceware is the term given to apps which prey on the prevailing culture of service payments and app charges. Most paid apps and services usually provide users with a free trial period. During this period, users can enjoy the full range of their services and decide whether or not they’ll like to continue using the apps in the long term. Most app developers see an uninstall action as the unwillingness of a user to carry on. However, fleeceware apps continue to charge these users, regardless of whether their apps are still on the users’ devices or not. Last year, SophosLabs discovered a strain of 24 apps that were abusing this privilege, charging fees between $24 and &100 for basic services like calculators and QR codes. However, company malware analyst Jagadeesh Chandraiah revealed that there are even more apps that are taking advantage of this. “The total number of installations of these apps, as reported on Google’s own Play pages, is high: nearly 600 million in total, across fewer than 25 apps; A few of the apps on the store appear to have been installed on 100 million+ devices, which would rival some of the top, legitimate app publishers on Google Play,” the analyst revealed. Chandraiah also hinted that some of the apps use third-party pay-per-install services and bought reviews on the app marketplace to entice unsuspecting users.

Fleeceware is trying to pull the fleece over your eyes… Be on the lookout for this mobile malware tactic! 🙈

See more in the @SophosLabs 2020 Threat Report: https://t.co/Y7L9eKINt2 pic.twitter.com/X635kbf534

— Sophos (@Sophos) December 19, 2019

Arduous Recovery Process for Users

The firm explained that the fleeceware issue is becoming more of a challenge for users, especially as operational policies on the Play Store seem to be even less user-friendly than those of credit card companies. While perusing the review sections of some of these apps, the company found that some legitimate users who had installed them were still charged after they had followed the manual uninstallation steps. Those users who were able to get refunds could only do so after going through arduous processes. SophosLabs also pointed out that some of the apps were overcharging their users by taking weekly or monthly “subscription” fees in addition to the “annual,” lump-sum fees paid. The company’s research was primarily focused on the Google Play Store, as company principal researcher Andrew Brandt explained that the Apple App Store is usually stricter when it comes to app requirements and guidelines.