Do you remember the scene where Indiana Jones is chased by a giant boulder threatening to crush him? Think of the boulder as major Ashampoo projects and me as Indiana Jones–but less agile and with somewhat rusty hips. That's what it's been like around here recently! And every boulder caught me straight on! The blog was the first victim of this deadline frenzy and, though it hurt, there was nothing I could do about it. Naturally, a lot has happened during my forced absence as blog writer so let's start with a particularly crummy topic that could potentially cost cellphone users hundreds of dollars each month: fleeceware!
Time and time again, both Google and Apple are plagued by shady apps that sneak into their stores while pretending to be regular apps. The latest wave of these nasties has been dubbed Fleeceware and it uses an old scam, but in digital form: hidden subscriptions. On the outside, fleeceware apps look just like any other app and offer useful features, e.g. a QR scanner, a calculator or photo optimization. Users are free to test them under a trial period, so nothing out of the ordinary yet–except that users are asked to submit their payment details the first time they run the apps. Without this, the apps refuse to start. Once entered, disaster strikes, thanks to a loophole in Google's Play Store terms.
The trial period usually only lasts three days, during or after which most users remove the apps in the belief that the payment details they provided no longer apply. Here's the thing: uninstalling an app is not the same as unsubscribing. By submitting their payment details, and ignoring the fine print, users have already subscribed. Removing the affected apps does not cancel the subscription. It's the subscription price that earns fleeceware its foreboding name: $200 or more is not uncommon–per month! The only way to escape the trap? Unsubscribe from within the apps and then uninstall them. Currently, Play Store imposes a cap for subscription fees of €300 in the EU and $400 in the US. That still leaves plenty of room to overcharge users.
Naturally, Google have already sprung into action and removed some of the apps, but more will likely follow. Google's dilemma is that, while shady, overcharging is not illegal under their terms. And, unlike malware, fleeceware apps behave as advertised. They don't execute malicious code or steal sensitive information. By providing their payment details at first launch, users willingly enter into a subscription agreement. And keeping their subscriptions alive after they've uninstalled the apps can make sense, e.g. when users are migrating from their old to their new cellphones and wish to keep their settings and apps.
Most users are totally unaware they've subscribed, especially those who quickly uninstalled because of the short trial period. Here's how to cancel subscriptions on your Android device:
- Open Google Play Store.
- Make sure you’re signed in to the correct Google Account.
- Tap "Menu ☰" > "Subscriptions".
- Select the subscription you want to cancel.
- Tap "Cancel subscription".
- Follow the instructions.
If it's less than 48 hours since you purchased, you can request a refund:
- Click "Order History".
- Find the affected order.
- On the order, click "More ⁝".
- Select "Request a refund" or "Report a problem" and pick the option that applies to your situation.
- Complete the form and include that you request a refund.
And it's gone ...
Is fleeceware an Android-only phenomenon? Hardly! iOS saw a VPN app that charged users $400 back in 2017 and a QR scanner app that cost $3.99 a week, not much by comparison but still. That's when Apple decided to display a notification in iOS 13 when users remove an app with an active subscription. Let's hope Android will quickly follow suit. A detailed summary of all price, subscription and trial conditions would also be much appreciated!
So how do you spot a fleeceware app? Take a closer look! With billions of smartphone users, it's unlikely you'll be the first victim. So check the reviews for warnings and cuss words that are a clear indicator that something's amiss! You can also check popular online magazines or portals for hands-on feedback. Though the screening process for Google's Play Store is shorter than for Apple's equivalent, neither can guarantee 100% app safety. That's why we'll once again have to rely on the security center between our ears and think before we click!
What I would like to know: Have you already encountered or even installed malicious apps on your cellphone?
Thank u Sven for your blog, it seems to often wake me
up from my slumber and do deep thinking linking things
I had seen, heard, read and come to some stunning
conclusions.
At the risk of being boring, I did some more searching and
below are what I deduct is happening in Singapore and u
all can deduce whether it will happen in your country.
According to my search, Apple app. store was found to be
infested with such scams, after much complaints, they
remove some but a few changed their names and reappear
The scams then start to appear in Google app. stores. I
only found some mention of it after 30 min. Google search
as they obviously do not want u to know.
Now for Singapore, after recent opening up, there are three
major telco and I think 3-4 smaller ones. All 3 operate mobile
phone and TV services for home n buz. Only the oldest incumbent operates line line.
They all offer the most basic mobile plan at US$16-&19, depending on your contract period (2 yr is norm) and the
phone and TV addons. The TV add on are : music (spotify
iTunes etc), Movie (Netflix, HBO on the go etc) and
News (CNBC, BBC, etc). All basic add on are prices around
US$3-4 per month. Now the interesting part : free 30days
or more, cancellation must be done at least 24 hr before
trial ends. The common complaints are u CANNOT cancel
it via your mobile phone just by deleting it etc, U must
do as Sven said goes thru a lengthy process to terminate
it.
The last part I deduct logically (may not be true) is:
at the Customer service or IT/Consumer Ele shows (abt 5 times
a year) there are always long queue of folks applying for
mobile or TV services etc (1 hr is norm). So the telco for
time factor simply preinstall every addons onto the mobile
phones including the Google or Apple play stores on them
at the back room. In this way, at the sales event they just
try to persuade u to try this that addon to make the deal
more attractive. They often emphasise it is free trial and
u had nothing to worry about but they either do not have time
or the incentive to tell u how to UNINSTALL them. Hence
most folks will end up desperate (especially the older folks)
and if u had kids with phones they may be tempted to try
some free games and activate such scams.
I also think this scam is a perfect crime. Imagine if u
rob people or steal etc, u gets jailed. But if u cheat people
using this scam, u dont go to jail, the law and everyone only
laugh at u saying u are stupid, u dont read the fine print!!!
I hope this do not happen in your country, but if there are
such telco in your country, beware and be very careful
The scam does not happen exclusively with credit cards. Carriers are also scamming their customers as well.
I am sorry to disappoint u all that no giving credit card
info does not guarantee that u dont get rip off.
What I am telling u below may not be entirely correct, as
I dont have full details and I am not a victim yet. What I got
are from readers complaints to the Chinese and English
newspaper "complaints column". They appear at least once or
twice a month, more in the Chinese papers no doubt they
dont understand the fine print as the apps are in English.
In Singapore, the scam goes via your telco's mobile payment
It seems these app providers pay the telco a fee to preinstall
them onto the mobile phones. Once it is activated (there is no
warning abt subs.fee or in fine print) the fee will be collected
by the telco and added to your phone bill.
The subscribers may be thinking he or she is only paying
for one or two songs or some other services and in reality
is billed for something much more. In most cases, complaints
to the telco bring no relief as the telco claimed it is not their
fault. Short of going to the telco's office and threatening to
cancel the phone, one does not get it resolved. In the same
way one goes to the credit card company and threaten to cancel the card to get it nullified.
This happened again and again. Our police does not consider
it a crime, but commercial dispute between the two parties.
Moreover, the app providers are oversea not in Singapore and
they cannot even summon them for questioning.
The telco once in a while replied in the newspaper emphasising their innocence.
I had so far seen no response from Google or Apple pay.
Their silence signify their arrogance.
Why is this so?
Is this not a crime?
Can't the card company or telco be held responsible as they
are the one providing the app dealer the channel to market
their scam?
In my time our credit card software can detect fraudulent
card transactions either by card members (jewellery purchases
for example) or merchants (unusual activity by volume
or value) , one can easily add one more 0 members' complaints
So why cant they do this? Where are their social justice
and responsibility?
The same logic apply to Google and Apple pay, if they had
receive complaints from customers they can stop the app
immediately, but obviously they do not.
I can say the same about our govt. if this is allowed to go on
it will soon multiply and the crooks in every continent will
do a copy cat and only then they will wake up to put up the
law and punishments for ALL parties (telco, card company
and Google/Apple).
The news media also never bother to follow up and do a
detail study of how big the problem is as this is treated
as non-crime.
I am afraid what I see is just the tip of the ice berg. Most
people will just take loss and dont bother to write to the
newspaper to complain. There is no statistics on this as
it is not a crime but I am sure it can easily run to
a few hundreds a month.
Thank you for your intriguing feedback! That's news to me too!
InPixio. They sell a collection of photo tools. I went to purchase one and, elected to pay with PayPal. The payment page told me that this is a recurring payment. Not anywhere in the Inpixio information do they tell you this.
To answer your question, not yet, implying that with the increasing complexity of scams, it could happen. But; but; who would want to submit real payment details for a FREE trial? Anything that requires payment details should be enough to stop people from doing so, but obviously not all people are careful, and are probably convinced by the highly contrasting word in the information, FREE, in bold caps. The fact that payment details are required at all means that there is likely to be an automatic opt-in payment.
WARNING: I'm not sure what the situation is in all countries, but if a credit card payment is a RECURRING PAYMENT / CONTINUOUS PAYMENT AUTHORITY (CPA), make sure that you as the cardholder can cancel it. UK cardholders can request their issuer to cancel them, but that wasn't the case until 2009.
Many cellphone users pay for ad-free apps or other (streaming) services. Canceling a subscription (and asking for a refund) will work in most cases, but, because of the huge number of downloads, fleeceware is still a profitable business model.
Hi Sven,
I thought that you had lost the Ashampoo new office address ... You have made my day pleasant.
Scamming and hacking is so bad in the world at present we may as well treat almost everything connected to the internet as a hack or scam until we can prove otherwise.
"Download the app" reverberates through the air from organisations and businesses everywhere and should be translated to "Feed Big Brother."
'Fleece' is a good title, many sheeple click and scammers collect.
Because of our 20-year anniversary, the recent relocation and several bogged-down projects, we've been snowed under with work. I believe (and hope) I'll have more time for blog articles going forward. :)
Bonjour Sven,
Nice to "read" you again...
Once again something very interesting I was not fully aware of...
Not installed such fleeceware or any other malicious app on my phone (until now at least)...
Good work.
Yep right on ! Any app that requires a credit card just to try it is an immediate no way hossay!
Thanks - again, Sven.
1) not yet harmed by that FLEECE; a major responsibility lies with the App-Stores, period.
2) disappointed to have been left out of my long-time belonging to this special blog-club -- any idea why/how that happened?
3) PLEASE dedicate a thorough investigation into very unusual demands for highly private information:
*** I ordered XYZ on Ebay, paid with AmEx and payment and delivery went well: within a day or so Ebay blocked my account claiming they "had observed unusual activity" and now needed a picture ID taken and bank and address data. Nope - no scam - it WAS Ebay but I stopped buying from or using Ebay; period.
*** As usual, I am seldom on Fakebook; last time I tried, similar to the Ebay issue, I was suddenly blocked and told "unusual activity" and "for your own safety" + (you guessed it) now needed a picture ID taken and other data "to make sure nobody would use my account" (as if Mr. Sugarmountain had not enough of me through whatsApp!!).
To me - that is plain abuse: with 90% of Fakebook accounts using ‘aka’ or pseudonyms (hence the ease of abuses, threats, insults and alike) - how the heck do they even DARE to ask me for a picture ID?!
If you know of more cases and the legalese behind these 'demands' please illuminate me and other readers.
Best regards, again from some not-so-cold regions in Spain
Ecky