Fleeceware

Fleeceware is a term for mobile apps that overcharge users for basic functionality.

Unlike apps that are designed to steal personal information or infect devices with malware, fleeceware works as promised, doesn’t contain malicious code, and usually comes with a short free trial, after which the user is charged a very expensive subscription fee. 

Because fleeceware isn’t technically illegal and easily gets past Google and Apple’s vetting processes, users think these sketchy apps are safe — and many users don’t realize fleeceware is a scam until they’re billed.

Here’s how you can tell that a mobile app is fleeceware:

  • Provides a free trial (often under a week).
  • Advertises a lower price than the price you’re charged.
  • Offers weekly or monthly payment plans.
  • Costs more than similar apps.
  • Targets younger and non-tech-savvy users.

Some estimates indicate fleeceware has pulled in nearly half a billion dollars in revenue in the last several years. But it’s very difficult to get the real numbers about these apps, because in many cases their download numbers have been clearly inflated using bots and app download farms (where one user installs and reinstalls apps on hundreds of devices in order to boost an app’s rankings). However, according to internet security provider Sophos (which coined the term “fleeceware”), in 2019, around 3.5 million users downloaded fleeceware from the Apple Store in the US alone!

What Is Fleeceware?

Fleeceware is a newer term, coined by researchers at SophosLabs, to describe this new generation of deceptive, overpriced apps that perform basic functions like image manipulation, auto-generated horoscopes, palm readings, and screen recording — functions which many apps already perform for free!

According to Merriam-Webster, the verb “fleece” means “to charge excessively for goods or services”. For example: If you’re spending $20 a week getting procedurally generated horoscopes, when an app like Co-Star does the same thing for free, then you’re probably getting fleeced (some skeptics would say anybody that buys into astrology is getting fleeced, but that’s a conversation for another time).

Why Do People Download Fleeceware?

Fleeceware apps find users through a variety of tactics, many of which revolve around savvy marketing, social media, and artificially inflating app store numbers.

These tactics are typically directed towards younger and less experienced users.

Fleeceware developers can inflate their download numbers by using a combination of iOS and Android emulators as well as download farms where employees download, uninstall, and reinstall apps on hundreds of devices, 24/7, in order to help an app gain a good rating in the Google Play Store and Apple App Store.

These developers also use TikTok, Instagram, and Snapchat to target younger users. They buy up ad space with attractive and deceptive ads depicting incredible, free, unique products that are actually designed to scam you out of your money.

Once on the app store, fleeceware developers farm out reviews using the same techniques they use to manipulate download counts — the review sections for popular fleeceware apps typically have thousands of 4- and 5-star reviews consisting of one or two words, repeated sentences between separate reviews, and cringe-inducing bot grammar.

Once users have been convinced by all of these tactics, it’s relatively easy to convince them to sign up for a free trial or subscription (especially because many of these are younger users who are spending their parents’ money anyway).

Please Tell Me This Is Illegal!

These apps don’t steal data or take control of your phone (usually), and much of their behavior is technically legal.

They work by relying on user error — you may have accidentally consented to pay a weekly subscription when you only wanted to test a 3-day free trial, or you may have forgotten to cancel your subscription after you uninstalled an app (that’s right, uninstalling an app will not cancel your subscription).

Other fleeceware apps start out as legitimately free apps, and then force users to sign up for a subscription to keep using the app when the developers change the app description in the app stores (which is technically not allowed under Apple’s terms & conditions).

In essence, fleeceware apps are a broad form of consumer fraud — they lure users in with manipulative advertising and spoofed app store numbers, and then make millions off of the users that fail to compare the fleeceware app to competing apps. Absurdly enough, a lot of fleeceware provides tools that our Android and iOS devices already have built-in, like QR code scanners, reverse image search, parental controls, and even flashlights.

Okay, So I Should Just Uninstall Fleeceware & Get My Money Back, Right?

Wrong! Fleeceware developers exploit users’ lack of knowledge about the nature of app store subscriptions in order to maximize their profits — you don’t cancel a subscription automatically when you uninstall an app.

iOS and Android both offer notifications for users that basically say, “You still need to cancel your subscription after you uninstall this app”, but many users simply ignore these notifications. Sometimes, users uninstall the apps during the trial period and then fail to realize that they’ve already consented to a subscription when the trial period ends.

A quick look through the 1-star reviews for common fleeceware apps will reveal that many of these companies use shady tactics to avoid paying users back for their products. Users have been charged after they legitimately cancelled their subscriptions, and many developers will refuse to pay your money back if you mistakenly paid for a costly subscription.

Again, this behavior is often borderline legal — if you consented to a subscription, the developer has no obligation to give you your money back. And even if you are in the right, they can demand you document your purchases and cancellations, which can become a bureaucratic nightmare that many users just give up on.

It’s much easier to avoid a fleeceware scam than to get restitution if you are involved in one. However, if you think you’ve been the victim of a fleeceware attack, you should contact Apple or Google immediately, using screenshots to document as much of your experience as possible.

What Are Some Examples of Fleeceware?

Over the last couple of years, both Apple and Google stores have been infested with fleeceware, which is usually removed after it’s reported by users. Here are a couple of notable instances of fleeceware apps:

Android Fleeceware

  • An Android app called QR Code: Barcode Maker And Scanner listed in the European market charged users almost $124 per year after the free trial. Before it was removed from the Play Store, the app had 5,000,000+ installs. Considering the limited features a QR code scanner app offers, this app’s annual fee was way too high. Besides, there are dozens of similar apps on the Play Store, offering equivalent (and better) features for free or at a lower fee.
  • Another fleeceware app, Search By Image: Reverse Image Search, now removed from the Play Store, allowed users to run image-based searches. This is a free feature offered by Google, but the app developer was charging users almost $257 per year after the free trial. Prior to being flagged by Google, the app had around 10,000 installs.

iOS Fleeceware

  • In 2017, Apple removed an app called Mobile Protection: Clean & Security VPN from its store. The app was a basic VPN, but with a 3-day trial period followed by a $400 monthly subscription cost. The app had 50,000+ downloads, and at least 200 users had subscribed to the monthly plans, lured by an offer of a free 3-day trial. This ridiculously expensive VPN didn’t even offer nearly the same level of speed, security, and advanced settings as legit VPN providers like ExpressVPN.
  • Another iOS fleeceware app was the QR Code Reader & Barcode PRO. After an initial 3-day trial, it began charging each customer $9.49 per week or $47.99 for an annual subscription. The app had 80k+ installs and is estimated to have made the developer upwards of $90k in revenue before it was removed from the App Store.

Both Google and Apple have made significant efforts to protect their users from fleeceware apps.

Best Ways to Protect Yourself from Fleeceware Apps

These guidelines may seem basic to many users, but if a child, parent, or friend is just getting an Android or iOS device for the first time, it can be really helpful to walk them through these instructions in order to help them navigate the frequently treacherous world of app downloads.

  • Use a first-party app store. You should always download apps from the Play Store and the App Store, not from third-party websites. Third-party app stores can promote malicious apps, as well as fleeceware apps.
  • Research competitors. First check if the app you’re considering purchasing is even necessary — you don’t need to download a QR scanner, or a flashlight, or reverse image search, because those are all freely accessible tools. You can use Reddit and Google to see what kinds of apps are highly recommended in the genre you’re looking for (and you can see how much those competitors cost).
  • Look at the reviews. Since most fleeceware publishers buy fake reviews, first filter out the high-star reviews and see what the negative reviews say. You can also look through 20-30 of the positive reviews to see if they’re obviously written by bots — look for repetitive text, bad grammar and spelling, or 1-3 word reviews (most of those are probably bots).
  • Don’t just uninstall — unsubscribe! When you uninstall a subscription-based app on Android or iOS, you will be directed to your active subscriptions menu in order to end the subscription. Tons of users ignore these notifications and continue to pay for apps that they don’t even use — don’t be like them.
  • Track your purchases. Make a habit of periodically checking your active app subscriptions. Depending on your mobile phone’s OS, follow the steps listed below to check your active subscriptions:
    • For Android phones/tablets
      • Go to Settings > Google > Manage Your Google Account.
      • Tap Payments & Subscriptions.
      • Select Manage subscriptions.
      • From here, you can see every subscription you’re currently paying for.
      • Follow the on-screen prompts to cancel a subscription.
        • For parents using Family Link.
          • In the Play Store, select Menu > Account > Purchase History to view all of your purchases. Your child’s purchases through Family Link will be attributed to their account.
    • For iPhones and iPads
      • Open the phone’s Settings menu.
      • Click on your name/Apple ID, then click on Subscriptions.
      • You can see your active and expired subscriptions.
      • Select any active subscription and click on the Cancel Subscription button.
        • You can also click on Media & Purchases > Purchase History to view all of your purchases.
        • For parents with Family Sharing.
          • Go to the App Store.
          • Click on the person icon in the top right corner.
          • Click Purchases.
          • You can select your account and anybody on your Family Sharing plan to view their purchase history.
  • Choose an antivirus with an app scanner. Antivirus software like Norton includes app scanners that can check apps before you download them. Plus, antivirus apps come with various internet security tools that’ll secure all of your online activities.
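
The “Look at the reviews” check from the list above, written as a short script: it sets the negative reviews aside to read first, then measures how many 4- and 5-star reviews are very short or share a sentence with another positive review. This is an added example, not part of the original article; the sample reviews are constructed, and the thresholds (three words or fewer, shared sentences of four or more words) are assumptions.

```python
import re
from collections import Counter

# Constructed sample reviews as (stars, text); not taken from any real app listing.
SAMPLE_REVIEWS = [
    (5, "Great app"),
    (5, "Love it"),
    (5, "Best scanner ever. I use it every day."),
    (4, "Very helpful for work. I use it every day."),
    (5, "nice"),
    (5, "Scans quickly and the history export saved me time at the warehouse."),
    (1, "Charged me $9.49 a week after the trial even though I uninstalled it."),
    (1, "Cancelled during the trial and was still billed."),
]

def sentences(text):
    """Split a review into normalized sentences (lowercase, punctuation stripped)."""
    parts = re.split(r"[.!?]+", text.lower())
    return [re.sub(r"[^a-z0-9 ]", "", p).strip() for p in parts if p.strip()]

def review_signals(reviews, short_words=3, min_sentence_words=4):
    """Summarize how many positive reviews look mass-produced."""
    positive = [text for stars, text in reviews if stars >= 4]
    negative = [text for stars, text in reviews if stars <= 2]

    # Count in how many distinct positive reviews each longer sentence appears.
    seen = Counter()
    for text in positive:
        seen.update({s for s in sentences(text)
                     if len(s.split()) >= min_sentence_words})
    repeated = {s for s, n in seen.items() if n > 1}

    short = [len(t.split()) <= short_words for t in positive]
    copied = [bool(repeated & set(sentences(t))) for t in positive]
    suspicious = sum(a or b for a, b in zip(short, copied))

    return {
        "positive": len(positive),
        "short": sum(short),      # reviews of 1-3 words
        "copied": sum(copied),    # reviews sharing a sentence with another review
        "suspicious_share": round(suspicious / len(positive), 2) if positive else 0.0,
        "read_first": negative,   # low-star reviews to read before anything else
    }

if __name__ == "__main__":
    print(review_signals(SAMPLE_REVIEWS))
```

A high share is a reason to read the low-star reviews closely, not proof on its own that an app is fleeceware.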

Frequently Asked Questions

What is fleeceware?

Fleeceware apps unethically charge users excessive fees for basic functionality, luring in users with free trials, misleading ads, and dishonest app store descriptions.

There are many types of fleeceware apps (horoscope apps, image search apps, QR scanners, etc.), but the one thing they all have in common is that they provide basic features for a very high price.

Fleeceware is technically legal — if you want to pay $70 a week for a horoscope app (when there are free apps that provide the same services), then that’s your choice. But fleeceware developers usually target younger and non-tech-savvy users who don’t know how much similar apps cost, or who don’t know how subscription-based pricing works.

It can be hard to keep track of all of your app subscriptions, especially if you have family members linked to your account through Apple’s Family Sharing or Google’s Family Link. If you’re looking to keep all of your mobile devices as safe as possible, take a look at our list of the best mobile antiviruses for Android and iOS. I especially like Norton’s app scanner, which can flag suspicious apps in the Google Play Store and Apple App Store before you download them.

How does fleeceware work?

Fleeceware depends on user error in order to work.

For example:

  • Users are deceived by social media marketing and dishonest app store descriptions.
  • Users fail to research competing apps (which offer better features for less money).
  • Fleeceware apps offer short free trials followed by costly subscriptions.
  • Users uninstall apps without cancelling subscriptions.

Apple and Google both rely on users to report apps that are overcharging customers for basic features, and fleeceware apps are removed from app stores all the time. But it takes time for Apple and Google to remove fleeceware from their stores, so the best way to protect yourself from fleeceware is to do some research before you get an app (check reviews and make sure that the advertised prices are the same as in-app prices, etc.) and use mobile security apps like Norton and Bitdefender, which can help you identify unsafe apps in the app store.

What are some examples of fleeceware apps?

There have been hundreds of fleeceware apps flagged and removed from the Google Play Store and Apple App Store.

While active fleeceware apps are harder to spot (they’d be removed if we knew what they were), some of the most popular apps that have been removed from app stores include Fortunemirror, S Photo Editor, Seer App: Face, Horoscope, Palm, Mobile Protection: Clean & Security VPN, and QR Code Reader & Barcode PRO.

The good news is that most of these fleeceware apps are relatively benign — other than fleecing users out of hundreds of dollars, they usually aren’t vectors for viruses, ransomware, spyware, or other malware files.

However, malicious apps are regularly released on both Google and Apple’s app stores — if you’re worried about fleeceware, you definitely need to consider getting an Android or iOS antivirus app to protect yourself from malware, web-based threats, and network attacks in 2024.

How can I protect myself from fleeceware?

The best way to protect yourself from fleeceware is to be cautious of what apps you download and where you download them from.

You should only download apps from the Google Play Store (for Android) and the Apple App Store (for iOS).

Before you install an app, make sure to read through customer reviews (lowest-rated reviews first). Many fleeceware developers pay for bots and paid reviews, so read the positive reviews as well — bot reviews are often 1-5 words long, or contain repeated text and grammar/spelling errors.

Also, keep track of your active app subscriptions from your Play Store or App Store account. If there are active subscriptions that you no longer need, make sure to cancel the subscription before removing the app from your phone.

 

 

 

 

 

 
