
‘Fleeceware’ apps overcharge users for basic app functionality - GiulioS
https://news.sophos.com/en-us/2019/09/25/fleeceware-apps-overcharge-users-for-basic-app-functionality/
======
austinl
Similar abuse occurs in Apple's ecosystem as well. It was really easy to
subtly sign someone up for a $99/week subscription, but I'm not sure if this
is still the case. A lot of these scam apps appeared regularly in the App
Store's "Top Grossing" charts — easily millions of dollars every month
were/are going to these kinds of apps.

This is an interesting example of incentive alignment — in some sense, it's in
Apple's best interest to let this abuse slide since they're also profiting off
of it (though obviously that's not a long-term, deliberate strategy).

This article covers it well: _How to Make $80,000 Per Month on the Apple App
Store_
([https://medium.com/@johnnylin/how-to-make-80-000-per-month-o...](https://medium.com/@johnnylin/how-to-make-80-000-per-month-on-the-apple-app-store-bdb943862e88))

~~~
texuf
How are these apps getting past app store review?

~~~
Nextgrid
I wonder if the prices can be adjusted after the app is published. So the
scammer publishes the app with a reasonable price, gets past review, then ups
the price and profits.

~~~
saagarjha
Yes, you can apparently do this via App Store Connect.

------
Deimorz
This is blogspam of
[https://news.sophos.com/en-us/2019/09/25/fleeceware-apps-ove...](https://news.sophos.com/en-us/2019/09/25/fleeceware-apps-overcharge-users-for-basic-app-functionality/)

The only thing this user does is submit articles from secalerts.co, and almost
all of them are blogspam.

~~~
dang
Thanks, we've changed the URL to that from
[https://secalerts.co/article/android-apps-sold-for-hundreds-...](https://secalerts.co/article/android-apps-sold-for-hundreds-of-dollars-on-google-play-store/8690bdea).

------
quickthrower2
We can whack this mole, but really we just need a credit law (or convention
from VISA/Mastercard) applied in as many countries as possible that says all
charges on a credit card need to be pre-approved.

So if you want to take $99/month from my CC I have to approve it, using a PIN,
and say how many months I am happy for this to go on for. Basically what
Paypal offers to terminate subscriptions should be at the card level for all
transactions.

This will stop the whole class of "forget to unsubscribe" type scams.

In the meantime hopefully everyone hit will do a chargeback which would force
Google to do something.

~~~
bscphil
> We can whack this mole, but really we just need a credit law (or convention
> from VISA/Mastercard) applied in as many countries as possible that says all
> charges on a credit card need to be pre-approved.

That would help, but it wouldn't completely stop the abuse. I recently decided
to try out the VPS offerings at [a major cloud provider]. I paid for one month
of a VPS with Paypal, quit using it before the end of the month, and didn't
pay for another month. Unlike every respectable cloud provider I've ever used,
they apparently wanted me to navigate their interface to figure out how to
cancel the VPS and do that. Instead they kept it running for another two
months (they say), and after one attempt to contact me by email (which I
missed), turned my entire account over to collections, with all the mess that
entails for me.

So even preventing recurring charges won't necessarily help if the companies
move to _claiming_ that you never canceled your subscription and then trying
to bill you for it later, or sending your account to collections.

~~~
milankragujevic
Awful. I had the same experience with Online.net. A prepaid service that was
paid, and then I cancelled through the bank, forbidding them from charging me,
YET they kept the service running for a month, but I couldn't cancel as they
blocked my account for non-payment (impayé). In the end I left the account in
this state and stopped caring.

As far as I had understood it, if I don't pay, it SHOULD be suspended and
deleted immediately, NOT kept running and then the provider claiming I owe
them for that service.

~~~
bscphil
Yep! Very similar situation in my case. Since Hetzner requires you to give
them a name, phone number, address, etc. it's very easy for them to track you
down later when they want to pull this scam.

> As far as I had understood it, if I don't pay, it SHOULD be suspended and
> deleted immediately, NOT kept running and then the provider claiming I owe
> them for that service.

With every VPS I've ever used, this is the case. The nice ones will send you a
warning before shutting it down a few days later. I'll steer clear of
online.net because of your warning.

------
woliveirajr
The deal is that trial apps are allowed to charge $ after the trial ends.

To avoid it users have to uninstall and tell the developer. Since nobody reads
and understands these fine prints, charging after the trial is ok, as it
complies with Google rules.

No laundry here...

~~~
ocdtrekkie
The fix could be pretty simple: Have the trial API built so that it locks out
the app at the end of the trial and presents a pay-to-continue or uninstall
option dialog the next time the user tries to use it.

------
SN76477
My daughter often wants to download iPhone games.

A lot of these games will charge $4.99 per WEEK for access to keep playing
without ads, etc.

A lot of PC games cost much, much less than that.

And while I am talking about the cost of games
[https://itch.io/](https://itch.io/) is a fantastic place for free and cheap
and pay what you want games.

~~~
nyuszika7h
Yes, this weekly subscription model for games even to just remove ads has
become annoying. Thankfully you can just subscribe to AdGuard Pro for $3/year
(yes, it's that cheap) and set it to use AdGuard DNS - this blocks ads in
mobile games nicely.

------
paulcole
I’ve always thought this would be a money laundering opportunity. Sell an app
for an outrageously high price, buy App Store gift cards with dirty cash, and
then buy your app from yourself. You could almost certainly get an army of
cheap labor to buy your app on their phones if you gave them a gift card worth
say 110% of the app’s cost. You’d lose a pretty big chunk to App Store fees
and taxes but it’d be clean.

~~~
MarkyC4
It's probably still easier (and with less loss) to sell $500 gift cards for
$450 on eBay.

~~~
ISL
Seems like that'd be a tricky proposition. There are a lot of people who would
be happy to buy your $500 gift cards at $450.

------
dddddaviddddd
Reminds me of the I Am Rich app on iOS:
[https://en.m.wikipedia.org/wiki/I_Am_Rich](https://en.m.wikipedia.org/wiki/I_Am_Rich)

~~~
CaptainZapp
There's a massive difference to the app you link to.

The I Am Rich App was totally upfront about what you get. Namely: You pay 999$
for a red gem (as I recall) on your phone's display. There was nothing sneaky
or underhanded about it.

Essentially it was an app for people who wanted to prove that they have money
to blow, but coughed from smoking cigars, lighted with 100$ bills.

The idiocy of it was part of the concept, but the app was very upfront about
what it does and what it costs.

This is different in that you get a crappy, redundant app, which is "free",
but sneaks a very expensive subscription model of which you are not aware,
which is not really mentioned (or if, then in very dark patterns) and of which
it's very hard to get out.

The first is, arguably, an expensive piece of conceptual art (not on the
phone, but on a meta level) the second model is outright fraud.

What's discussed here is very different.

------
jchook
> they overcharge users for functionality that’s widely available in free or
> low-cost apps.

The first thing I thought of here was YouTube charging me to play music with
my phone locked in my pocket.

~~~
jchook
Another example that comes to mind... headphone companies
purposefully/artificially downgrading their sound quality on lower end models
with cheap foam or something, while still using the same exact hardware as the
higher end model.

~~~
Konnstann
Which headphone company does this? Genuinely interested, as I am very into
portable audio, and haven't heard anything about it.

------
retSava
In a way, good that they charge stupidly high amounts (the article has
screenshots with claims of >100gbp/usd). That high, most people would make
some noise to get it back. If it had been 10$ or similar, more people would
either not notice it, or they would just jot it under the "well, shit, lesson
learned" account.

------
afterburner
And Google is allowing this.

~~~
point78
I fail to see the problem here. There are dozens of these apps offered for
free, some the developer decides to charge per month. User just has to find
the free ones.

Should Google now tell app developers what to charge? That's ridiculous.

~~~
mirimir
No.

But Google and Apple ought to require clear disclosure of price and
conditions. Also, free trials shouldn't transition to paid usage without
explicit authorization.

~~~
point78
Ok on your first point, but your second point... That's exactly what a free
trial is by definition. It's free for a period of days until you are a paying
member.

~~~
mirimir
Not really. Payment should require authorization _at the time of payment_. I
mean, what's the point of a free trial if you must commit to paying in order
to start the trial?

I do understand that this is a common dark pattern. But common or not, it
ought to be illegal. And these bullshit apps are _perfect_ examples of why. So
is the New York Times, but that's a different fight.

------
epx
There is a legitimate reason for that. If you unpublish an app, existing users
can't download it. The workaround is to put a high price so nobody will buy
new copies.

~~~
lxgr
Is that still true, though?

I think I've seen cases of apps being unpublished for new purchases (even free
ones) but still available for downloads of existing users in both Google's and
Apple's stores.

~~~
epx
I had recently unpublished an app of mine expecting it would still be
available for purchasers, didn't work. Had to resort to the outrageous price
trick.

~~~
DHPersonal
That's strange–I wonder why unpublishing didn't work for you. I have seen
several apps be taken off the store by various companies but remain on my list
of Purchased apps on the App Store. I can still download the apps but not see
the entry on the App Store when I tap on the app's name for details.

