IOS Security

Fleeceware Apps Discovered on the iOS App Store (zdnet.com) 28

More than 3.5 million iOS users have installed "fleeceware" apps on their devices, UK security firm Sophos warned in a report published earlier this week. From a report: The term fleeceware is a new addition to the cyber-security jargon and describes apps engaging in a new form of online fraud. Coined last year by Sophos researchers, the term refers to mobile apps that abuse legal loopholes in the app trial mechanism on Android -- and now iOS. Both the Google and Apple app stores allow app makers to create trial periods for commercial/paid/subscription apps. Users can install these apps and sign up for a trial by giving the app permission to incur a charge on the user's Play Store or App Store account. Once the trial period ends, the user is charged automatically on their card and allowed to use the app.
This discussion has been archived. No new comments can be posted.

  • Uhm, aren't all the new video services and even iHeart free right now, but all plan to charge in the future?

    • It's easy to abuse (Score:2, Insightful)

      by rsilvergun ( 571051 )
      There was a company that sold subscriptions to download ring tones. They partnered with AT&T to charge you directly on your phone bill.

      The way they did it they didn't make it clear you were signing up for a subscription, that you were being billed for a subscription, or how you would go about cancelling that subscription. They were eventually shut down, but in the meantime they made billions, and so did AT&T (who took a cut of everything).

      This is the exact same incentive structure. Google
  • No I didn't bother to read the actual linked article, because the summary just seemed to be describing how trial subscriptions work?

    I mean, what is wrong with a free trial followed by a subscription, as long as you cancel before the trial ends? All of the apps I've tried that do this are pretty clear about the fact that when the trial ends your subscription will start.

    • It appears the issue is that uninstalling the app doesn't automatically unsubscribe the customer.
      I can see it both ways. For instance if you sign up for Netflix on your phone, you don't necessarily
      want your subscription to automatically end if you uninstall the app from your phone.

      • I don't think developers are notified if someone uninstalls.
        • Why would they? Uninstalling an app is done for more than just because you don't like it. Perhaps you tried it out on your phone where you heard about it but then use it on your tablet so then you remove it from your phone to save space. Or you remove it to reinstall it as sometimes that's the only way to fix a problem.

      • by Euler ( 31942 )

        I can see it both ways too: it's fairly naive to think that uninstalling would clean up everything like subscriptions, security settings, etc. Too many other experiences with technology would indicate this. i.e. does an uninstaller on a PC ever _really_ remove all traces of the application? And most things that we "sign up" for like an email account, etc. also have web access regardless of the computer or phone used to create the account.

        On the other hand, for an audience of mainstream users or even tech

        • Being subscribed to a service that you decided not to use or didn't even access after the trial period is without reason; it boils down to: "ha ha, you should have known better, I'm keeping your money now."

          The developer does not know if you uninstalled. For non-client/server apps the developer does not know if you are using the app.

          The article seems to indicate that both Google and Apple manage subscriptions and that includes being able to cancel in settings. The bit about a developer having their own code for cancelation might be misleading. Like in-app purchases the developer is likely calling the operating system purchase/subscription management code. This probably supplements what is in settings, not r

      • "It appears the issue is that uninstalling the app doesn't automatically unsubscribe the customer"

        Upgrading iOS to have this as a feature would just be pandering to common ignorance. Like how back in the day people would call Nintendo cartridges "tapes" (that always annoyed me), or thought that changing the channel on the TV would cause the VCR to not record the show it's supposed to. And of course, blinking "12:00"s everywhere.

        OTOH, Apple may feel obligated to protect users from their own ignorance (again)

    • The article is complaining that people are signing up for free trials of useless apps like flashlights or palm reading that will then charge outrageous fees once the trial is over. The users then delete the app before the trial is over and then complain when their credit card is hit because, on iOS, they didn't cancel the subscription in the Settings like they were supposed to. Apple forces all apps to have a warning on the App Store to say that deleting the app doesn't cancel the subscription or else the a

  • From reading the article it seems both iOS and Android provide a mechanism to cancel subscriptions. They are the ones actually billing and maintaining the subscription after all.

    Developers are not informed when someone uninstalls an app.
    • by Sebby ( 238625 )

      From reading the article it seems both iOS and Android provide a mechanism to cancel subscriptions. They are the ones actually billing and maintaining the subscription after all.

      Quite right - but Apple/Google will act all like "We're just intermediaries between you and the developer (even though we don't let the developer know anything about you at all), so you need to take it up with them if you have a problem.", even though it's Apple/Google that shows up in the credit card statement for the charges.

      As far as I'm concerned, them processing the charge but denying any responsibility of the product should be considered fraud.

      Developers are not informed when someone uninstalls an app.

      Correct, they're not.

  • This is how most subscription models have worked for the last 40 years.

    Just because they've come up with a new name, Sophos seems to be trying to cash in on press coverage.

    We shouldn't give them any.
  • by Minupla ( 62455 ) <minupla@gmail.PASCALcom minus language> on Thursday April 09, 2020 @02:06PM (#59925876)

    Missing from the fine summary:

    "Fleeceware apps take advantage of the fact that app makers can still charge users even after users uninstall the app from their devices.

    App store policies allow app makers to create their own trial cancelation steps, and some app makers won't interpret uninstalling the app as a trial period cancellation but instead force users to go through complicated procedures."

    So you can totally cancel, just proceed to the cellar, with a flashlight, without the stairs, and place your request in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying "beware of the leopard". Easy!

    • by CanadianMacFan ( 1900244 ) on Thursday April 09, 2020 @02:26PM (#59925946)

      Sorry, not on iOS. It's just stupid users that don't read the template warning that developers are forced to put in the app descriptions on the store. So they delete the app thinking that it stops the subscription. On iOS to stop a subscription the user has to go into Settings, find the Subscriptions and turn it off there. I've seen a lot of reviews where users complain that an app was a scam because the subscription continued, the developer always comes back and says that deleting the app doesn't cancel the subscription, and that they will get a refund back from Apple.

      Ideally to make it more user friendly, Apple would catch the deletion of the app and ask them if they would like to cancel the subscription. It would save the developers being harassed by the users who didn't follow the instructions.

      • Ideally to make it more user friendly, Apple would catch the deletion of the app and ask them if they would like to cancel the subscription.

        Apple does do that [arstechnica.com] as of iOS 13.

        What does Android do again? [google.com]

        Why did you call out Apple on this instead of Google?

        • by Kejiro ( 2803123 )

          Why did you call out Apple on this instead of Google?

          Maybe because he only has experience on iOS and doesn't know how it works on Android, and therefore can't comment on it

          I know this is Slashdot, but not everyone is trying to start a flame war :P

  • That's been like that since forever
  • by Anonymous Coward

    In any consumer friendly setup, the legal requirement should be something like this:

    If you install an app and subscribe through it, and then uninstall, it should give you a clear, simple option to either cancel your subscription (because you're done with it) or continue (because you're going to use the same subscription on another device or platform).

    • by LostMyAccount ( 5587552 ) on Thursday April 09, 2020 @02:55PM (#59926028)

      In any consumer friendly society, subscriptions should have an automatic expiration date that requires affirmative action to be renewed.

      • In any consumer friendly society, subscriptions should have an automatic expiration date that requires affirmative action to be renewed.

        It's printed on your credit card.

        • Except I don't think I've had a credit card in the last 10-20 years that didn't have an expiration date until years in the future.

          I also wonder if reoccurring charges even bother checking expiration dates or if that only matters for the initial charge on subscriptions. With the idea being that the card issuers/networks care most about transaction fees and pleasing merchants providing regular transaction income.

          I've often considered dedicating a card to all my subscriptions and just cancelling it and gettin

  • Wouldn't that be like ALL commercial software ever?

  • On the iOS App Store. I had to edit and resubmit my *exceedingly clear, already* policy several times before Apple let me in. They made me adjust the sizing of a couple words, focus more on the pricing of the subscription, link to terms, change some phrasing, etc. The policy is 1 month free, 49¢ a month afterwards. Really not hard to understand. I think the problem phrase was "Start your free trial!" since it was larger than "49¢/month" by a few pts. For real, they are put
  • Its iOS v12.4.6's settings doesn't show a Subscriptions option.

  • Once the trial period ends, the user is charged automatically on their card and allowed to use the app.

    That would rather assume that you have linked a credit card containing money to an application on your phone.

    I know people have been screaming and begging for me to do that for a decade or so, but I've yet to see one good solid argument for doing so. Do people actually fall for this shit?
