Monday, March 1, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Fleeceware apps discovered on the iOS App Store

April 10, 2020
in Internet Security
Fleeceware apps discovered on the iOS App Store
598
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

More than 3.5 million iOS users have installed “fleeceware” apps on their devices, UK security firm Sophos warned in a report published earlier this week.

The term fleeceware is a new addition to the cyber-security jargon and describes apps engaging in a new form of online fraud.

You might also like

These four new hacking groups are targeting critical infrastructure, warns security company

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

Coined last year by Sophos researchers, the term refers to mobile apps that abuse legal loopholes in the app trial mechanism on Android — and now iOS.

How fleeceware works

Both the Google and Apple app stores allow app makers to create trial periods for commercial/paid/subscription apps.

Users can install these apps and sign-up for a trial by giving the app permission to incur a charge on the user’s Play Store or App Store account. Once the trial period ends, the user is charged automatically on their card and allowed to use the app.

Fleeceware apps take advantage of the fact that app makers can still charge users even after users uninstall the app from their devices.

App store policies allow app makers to create their own trial cancelation steps, and some app makers won’t interpret uninstalling the app as a trial period cancellation but instead force users to go through complicated procedures.

But while some app makers have abused this loophole to charge users a few dollars for their apps, some unscrupulous app makers have been fleecing users for hundreds of dollars — hence the term “fleeceware.”

For example, last year, Sophos discovered more than 50 Android apps [1, 2], installed by more than 600 million users, that were abusing trial periods to charge exorbitant amounts of money for basic features that are usually available for

Most of these were flashlight apps, horoscope apps, and barcode scanners that were charging obscene fees ranging from $100 to $240 per year for the most basic of features.

Fleeceware discovered on the App Store

Now, in a report published yesterday, Sophos says they found similar apps on the Apple App Store, engaging in near similar behavior.

“Like we have seen before, most of these fleeceware apps are image editors, horoscope/fortune-telling/palm readers, QR code/barcode scanners, and face filter apps for adding silly tweaks to selfies,” said Sophos mobile malware analyst Jagadeesh Chandraiah, who’s been looking into fleeceware apps since last year.

The researcher says he identified 32 iOS apps (see table at the end of this article) that charge up to $30/month or $9/week for simple features that are usually available for free. Some of these fees seem small, but they can add up to between $360 and $468 per year, Chandraiah warned.

Chandraiah says that by analyzing app reviews, it was clear that the apps relied heavily on online ads to drive traffic and installs, but then failed to provide any meaningful features, and later charged users when they didn’t follow proper trial cancelation procedures.

fleeceware-reviews.png

Image: Sophos

The Sophos researcher says that many of the apps he identified as engaging in fleeceware-like behavior are some of the highest-grossing apps on the Apple App Store.

“It’s debatable that the apps provide ‘ongoing value to the customer,’ as required in Apple’s App Store Review Guidelines for app subscriptions, section 3.1.2(a),” Chandraiah said, suggesting that these apps should not be allowed on the App Store, in the first place.

However, the apps are still available for download at the time of writing. The Sophos researcher suggests that Apple may be allowing the apps to continue on its store because the company makes a commission from all app purchases.

Chandraiah recommends that device owners review their Google and Apple app subscription sections regularly to make sure they haven’t been tricked into an unwanted subscription. See instructions below.

On Android:

On your Android phone or tablet, open the Play Store.

  1. Check if you’re signed in to the correct Google Account.
  2. Tap the hamburger menu icon  Subscriptions.
  3. Select the subscription you want to cancel.
  4. Tap Cancel subscription.
  5. Follow the instructions.

On iOS:

  1. Open the Settings app.
  2. Tap your name, then tap Subscriptions.*
  3. Tap the subscription that you want to manage. Don’t see the subscription that you’re looking for?
  4. Choose a different subscription option, or tap Cancel Subscription.If you don’t see Cancel Subscription, the subscription is already canceled and won’t renew.
ios-fleeceware-apps.png

Image: Sophos

Credit: Zdnet

Previous Post

Bayesian Model for COVID-19 Spread Prediction

Next Post

AI Guides | AI & Automated Decision Making

Related Posts

These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
Next Post
Machine learning: is there a limit to technological patents in Brazil?

AI Guides | AI & Automated Decision Making

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

AI And Automation In HR: The Changing Scenario Of The Business
Data Science

AI And Automation In HR: The Changing Scenario Of The Business

February 28, 2021
Machine learning could aid mental health diagnoses: Study
Machine Learning

Machine learning could aid mental health diagnoses: Study

February 28, 2021
Python vs R! Which one should you choose for data Science
Data Science

Python vs R! Which one should you choose for data Science

February 28, 2021
Can Java be used for machine learning and data science?
Machine Learning

Can Java be used for machine learning and data science?

February 28, 2021
These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
The Time-Series Ecosystem – Data Science Central
Data Science

The Time-Series Ecosystem – Data Science Central

February 28, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • AI And Automation In HR: The Changing Scenario Of The Business February 28, 2021
  • Machine learning could aid mental health diagnoses: Study February 28, 2021
  • Python vs R! Which one should you choose for data Science February 28, 2021
  • Can Java be used for machine learning and data science? February 28, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates