Dubious app store subscriptions bring in hundreds of millions of dollars in revenue…

An article review.

When it comes to malicious applications you’re probably familiar with things like malware and ransomware, and you have ways to avoid them.  Modern desktop and smartphone operating systems have built-in malware detection tools, and some web browsers even automatically block websites known to distribute harmful applications.

But what if those tools didn’t work, because the application in question has been deemed to be legitimate?  According to a new study by Avast, the Google and Apple app stores have hundreds of “fleeceware” titles: seemingly legitimate applications that come with surprisingly high subscription fees.

Fleeceware differentiates itself from other threats–and is able to remain in official app stores–by offering a functional application.  Because the applications work as advertised, they’re less likely to be successfully flagged as scams and removed from app stores…even if they may cost customers hundreds or thousands of dollars per year in subscription fees.  The developers of these applications will target children, or adult users who they hope will not notice the new charges on their bill.

What can you do to avoid being a victim?  Both Apple and Google offer users a way to view current app subscriptions, and people are advised to keep an eye on these lists for any new additions.  Additionally, fleeceware applications often have large numbers of potentially fake reviews, often featuring similar language and spelling mistakes.  If all else fails, you can uninstall the application: the current versions of both Android and iOS provide a warning when uninstalling something with an active subscription.

Original article by Tara Seals writing for ThreatPost.