Prague, Czech Republic, March 24, 2021 — Avast (LSE:AVST), a global leader in digital security and privacy, has discovered more than 200 new fleeceware applications on the Apple App Store and the Google PlayStore. The apps have been downloaded approximately one billion times and accrued over $400 million in revenue so far*. Avast has reported the fleeceware applications to both Apple and Google for review.
The applications attract users with a promise of a free 3-day trial, with an unusually high subscription fee attached. Once the trial is over, users are charged a recurring subscription fee - even if they deleted the app by that time - until they cancel the subscription in their device’s app subscriptions settings. One of the apps, for example, offers a short free trial followed by a $66 per week subscription, potentially costing the victim $3,432 per year unless cancelled. These fleeceware applications are actively advertised on major social networks such as Facebook, Instagram, Snapchat and TikTok*.
"The fleeceware applications we've discovered consist predominantly of musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and 'slime simulators'. While the applications generally fulfil their intended purpose, it is unlikely that a user would knowingly want to pay such a significant recurring fee for these applications, especially when there are cheaper or even free alternatives on the market," said Avast’s Threat Analyst Jakub Vávra in a blog post.
"It appears that part of the fleeceware strategy is to target younger audiences through playful themes and catchy advertisements on popular social networks with promises of 'free installation' or 'free to download'. By the time parents notice the weekly payments, the fleeceware may have already extracted significant amounts of money," continued Vávra.
Avast researchers discovered the Android fleeceware applications via its mobile threat intelligence platform apklab.io, and then expanded their research to the Apple App Store. The apps with their estimated downloads and revenue can be found here* (Google Play Store) and here* (Apple App Store).
How to avoid Fleeceware apps
With subscriptions becoming more prevalent in app stores, users are encouraged to be vigilant when downloading and using applications. To avoid fleeceware, Avast advises:
- Be careful with free trials of less than a week. Applications that offer free trials for very short periods should be handled with caution. Make sure you understand how much you will be charged and that the app is worth the recurring fee.
- Be sceptical of viral advertisements for apps. The advertisements for fleeceware are likely to have enticing messaging and images to attract users’ attention. They likely do not reflect the actual functionality of the application.
- Read the small print. A closer look will likely reveal the true price of the app. Read the application’s details carefully, paying close attention to the ‘In-app purchases’ sections. Make sure to familiarize yourself with the conditions of what you’re subscribing to, even if it is a free trial, as there may be automatic charges thereafter.
- Secure your payments. Ensure that your payment methods are locked behind a password or biometric check. This can prevent accidental subscriptions by children as well.
*Source: Estimates and Ad Intelligence from Sensor Tower, a mobile apps marketing intelligence and insights company
Avast (LSE:AVST), a FTSE 100 company, is a global leader in digital security and privacy products. With over 435 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company’s threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Avast is a member of Coalition Against Stalkerware, No More Ransom and Internet Watch Foundation. Visit: www.avast.com.
Keep in touch with Avast:
- Follow us on Twitter: @Avast_antivirus
- For security and privacy insights, visit the Avast blog: https://blog.avast.com/
- Join our LinkedIn community: https://www.linkedin.com/avast
Visit our Facebook group: www.facebook.com/avast