There’s a new form of app in town, and it poses a big risk to your wallet. Will you be conned by “fleeceware”?
Mary might have had a little lamb with fleece as white as snow, but everywhere Mary went, these days, scams would surely follow.
These days, Mary would be wise to the idea that she’d need to keep her wits about her, lest she find herself fleeced online, and it’s a message we all need to keep at the front of our minds.
Nursery rhymes aside, it seems like it’s all too easy to get fleeced by criminals, what with the sheer number of scams that are out there. From the Australia Post scams to the fake JB HiFi scam to the ATO scam to social engineering to people calling you once and expecting you to call back, there are plenty of ways you can get conned and fleeced, and that’s not good.
But just to make things more complicated, there’s another, and it has to do with apps and your wallet.
It’s called “fleeceware”, and you might just have something like it on your phone right now. What is fleeceware, and how can you spot it before it fleeces you?
What is fleeceware?
Let’s start with what fleeceware is, because it’s important to understand. The obvious part of its name is “ware”, and like software, it’s an app for your device.
However, much like how “malware” is a form of software designed for malicious intent (hence the “mal” part of the name), “fleeceware” is a form of app that finds a way to overcharge and fleece the owner after a short trial. Typically this happens if the app isn’t uninstalled immediately after you’re done with a trial period, and it may not be easy to stop the payment once it has begun.
Simply deleting an app of this nature may not prevent your money from being deducted. It’s just that sneaky.
Fleeceware is, in essence, a small app that seems like it will be cost-effective and/or free, but instead ends up ripping you off and fleecing you out of money.
It’s a term Sophos first coined a year ago after finding apps specifically built to charge more than the standard few bucks that an app might cost. Rather, fleeceware may charge hundreds of dollars instead, making it an expensive app download that you might not intend to use.
So how do you spot it, and how can you avoid being fleeced?
How to spot fleeceware before it hits you
There are loads of apps out there, and while many are good and legit, many others are clearly not.
But Sophos says that there are things you can do to stay on alert, such as being wary of apps offering “free trials”, checking apps with incredibly tiny fine print that’s hard to read, and steering clear of generic apps for things like wallpaper designers and photo editors, which are rife with this sort of thing.
You’ll find it in QR code scanners, face filters, horoscope apps, and typically other apps that seem like they’d largely be irrelevant and, judging by how many there are in a search, are possibly easy to build from a downloaded template. But where they differ from the real deal is that rather than cost a few bucks, they may cost a lot more, and in some cases, this payment is the only way to unlock the features of the app.
“Be sure to take a good look at the details and reviews of an app before you install it, and don’t fall for a few five-star reviews,” said Aaron Bugal, Global Solutions Engineer at Sophos, suggesting that people “take a look at some of the comments that aren’t so generous”.
“Dodgy developers are known to manipulate reviews and increase the number of five-star reviews an app has,” he said.
Reading the reviews is important, but checking that fine print is also critical, because that’s where you’ll find the terms for how you’ll be charged. Worse, it’s also where you’ll find the terms for killing payment, with fleeceware typically engaging in the con by forcing you to do more than simply delete the app to move on with your life.
“No one likes to do it, but it’s important to read the fine print and understand what you’re signing up to before you sign up, particularly if there’s money involved,” said Bugal.
“Often these publishers will stipulate that a person must email them directly to discontinue payment, so don’t fall into the trap of thinking that just deleting the app will do the trick,” he said.
Frustratingly, fleeceware has found its way to both major app stores, with Android and iOS both featuring the cons on them. While Android has more, Sophos has found more than 30 this year, meaning it’s possible to get fleeced on either major mobile operating system.
How to steer clear of fleeceware
No one likes to be told that the next app they’ll download has the potential to cost them big bucks, even if it says “free trial” on the cover, yet that’s what this type of app can do.
So whenever you see “free trial” or “offers in-app purchases”, make sure to read the terms of that app carefully.
Apps built to rid you of your money will typically offer not just monthly or yearly fees, but also weekly ones. That can no doubt add up, because while an $80 yearly cost may not seem like much, if it’s $8 per week instead, that’s a cost of $416 that you may be slugged with, making it vital to check the terms of what you’re buying.
How to unsubscribe from fleeceware
If you’re ever baited by an app of this nature, iOS users will probably have the easiest time cancelling, with the “Subscriptions” section of the app under your ID in settings allowing you to see what you’ve actively subscribed to. From there, you can cancel app subscriptions you don’t want, though you can’t necessarily apply for a refund of an app that has fleeced you out of a one-time payment.
Android offers a similar approach, with its subscriptions found under the main Google Play menu.
Ultimately, if you’re concerned that any of the apps you’re paying for are fleeceware, check the subscriptions settings on your phone and see what they say. If you see an app you are paying for that you don’t want to be, it’s time to cancel it ASAP.