SophosLabs warns of 'fleeceware' targeting iOS users

By Staff Writer, ITWeb
Johannesburg, 23 Apr 2020

Sophos has published a report called ‘Don’t Let Fleeceware Sneak into Your iPhone’, illustrating how users of Apple devices are being targeted by applications that overcharge them through expensive subscriptions or unethical in-app purchases. The security company dubs these apps 'fleeceware'.

Sophos' researchers have found over 30 iOS fleeceware apps available on Apple’s official App Store that between them are estimated to have been installed around 3.6 million times.

These apps include image editors, fortune-telling apps, QR code or barcode scanners, and face filter apps, with some charging weekly subscriptions of $9.99, or $520 annually.

Sophos first alerted mobile users to fleeceware in September last year, when it found several of these apps for Android devices. In January this year, researchers published an additional paper, ‘Fleeceware Apps Persist on the Play Store’, detailing the discovery of another 20 apps, with nearly 600 million alleged installations between them, according to Google Play.

Jagadeesh Chandraiah, senior security researcher at SophosLabs and author of the latest report, says the main purpose of the iOS fleeceware apps is 'to severely overcharge users'.

“As was the case with the Android apps discovered in 2019, the app developers take advantage of monetisation practices widely used by legitimate free apps, but take them one step further,” he adds. “For example, in the hands of the fleeceware app developers, short free trials followed by a monthly subscription soon add up to hundreds of dollars a year in charges, and in-app purchases turn out to be essential for good app functionality rather than optional enhancements or extras.”

Although not officially malicious, fleeceware apps are unscrupulous, preying on consumer trust with dishonest techniques aimed at making money. They encourage unsuspecting users to install them through aggressive online advertising and what are more than likely fake five-star reviews, warns Chandraiah.

Sophos offers some practical steps mobile users can take to better protect themselves against these apps. The first is to install apps only from official and trusted app stores such as the Apple App Store and Google Play. Malicious or unscrupulous apps are regularly reported to them by security researchers and others.

Next, it says to always be vigilant when installing apps and to carefully scrutinise those that are new or which you have heard about through in-app advertising.

Knowing how to cancel subscriptions is the next step. “Just deleting the app from your phone is not enough. The best online directions are on Apple’s support page and Google’s Play Store support page.”