SecureMac, Inc.

What is Fleeceware?

These days, we’re all spending a lot of time online, and many of us are trying out interesting new apps to stave off cabin fever. If this describes you, then there’s a threat that you should know about: fleeceware. In this short article, we’ll tell you what it is, how it works, and what you can do to stay safe.

What is fleeceware?

The term “fleeceware” was coined by the British security researchers who have been investigating it. It refers to apps that charge an excessive monthly subscription fee after a brief trial period has ended — even if a user has uninstalled the app from their device. If the monthly billings aren’t noticed, an unsuspecting user can rack up hefty credit card charges over time. The fleeceware developers know exactly what they’re doing, and don’t make it easy for people to get their money back after they’ve been “fleeced” by the deceptive software. Fleeceware is found in both Google Play and the App Store, so Android and iOS users alike need to be on the lookout for it.

Is it malware?

While fleeceware can be seen as a form of consumer fraud, it isn’t malware: The apps perform their advertised functions, and are not overtly malicious. And although their subscription fees are exorbitant by most people’s reckoning, there’s no specific rule against overcharging for a product: If a developer wants to ask $40 per month for a calculator app, they’re free to do so. 

Furthermore, the fine print for fleeceware apps isn’t inaccurate, just misleading. Many people don’t realize that there is a difference between a free app and a paid app with a “free trial” period; and they don’t understand that uninstalling an app is not the same thing as unsubscribing from it, an important distinction that permits fleeceware to charge users at the end of the trial.

All of this allows fleeceware developers to maintain their innocence, and claim that they aren’t actually breaking any rules.

Why doesn’t Apple do something?

You may be wondering why Apple and Google don’t do something about deceptive apps on their platforms.

The short answer to that question is that they do, when they’re able to. Google has removed a number of fleeceware apps from the Play Store, and Apple has done the same. But new fleeceware apps continue to crop up all the time.

Many people don’t realize how massive the App Store actually is, and how hard it is for Apple to conduct a thorough review of each and every app released on the platform. There are over 20 million registered iOS developers, and thousands of new apps are released through the App Store each month. Monitoring all of that is a huge job, even for Apple. In addition, it’s worth bearing in mind that as unpalatable as fleeceware is, Apple is also busy dealing with a multitude of other serious threats to its platforms: things like nation-state malware, cryptojacking apps, and dating apps that let adults chat with kids!

To put it bluntly, there is no way that Apple is going to be able to catch everything, which, like it or not, means that the ultimate responsibility for vetting apps falls to the individual user. 

How to stay safe

Fleeceware is a problem, but there are some steps you can take to protect yourself from it. Here are three things you can do to make sure that you don’t get fleeced.

  1. Don’t trust. Do verify.

    Be aware that bad stuff does get into the App Store (please take the marketing hype about Apple’s “walled garden” with a grain of salt). This is not to say that the platform is insecure, just that it isn’t perfect — which means that you should always be mindful of what you’re downloading, and do a bit of research before putting anything on your device. Read the app’s terms and conditions carefully, and check out the developer’s reputation and recent reviews. Then ask yourself the following questions:

    • Are you downloading a free app, or a paid app with a free trial?
    • After the trial period ends, how much are they going to charge you per month? Considering what’s on offer, does that amount seem reasonable, or suspicious?
    • Have other people complained about surprise charges, issues with unsubscribing, or problems obtaining a refund?

    If you spot any red flags, consider looking for another app that offers similar functionality without the sketchiness.

  2. Keep track of your subscriptions

    If you’re installing and uninstalling lots of new apps, or signing up for multiple free trials and then canceling, it can be surprisingly easy to lose track of what’s on your device — and what you’re paying for.

    Take a moment to view your active subscriptions by going to Settings > [Your Name] > Subscriptions. If there’s anything there that you don’t use anymore, or simply don’t want going forward, cancel it by tapping on Cancel Subscription. If you need a little more guidance with the process, take a look at Apple’s support page for information on viewing and canceling app subscriptions, which will help you troubleshoot any issues you may face.

    When installing any paid app that has a free trial period, it’s a good idea to set a reminder for yourself as part of the process. Take note of when the trial ends, and then set a calendar alert to remind you to review the subscription before the trial is over. Remember that uninstalling the app is not the same thing as canceling your subscription — so if you don’t want to be charged, you need to follow the procedure outlined above rather than merely removing the app from your device.

  3. Report abuse to Apple

    If you’ve installed what appears to be fleeceware, or have received an unexpected charge from an app, you can report the issue or request a refund through Apple’s online reporting portal.

    To do this, go to reportaproblem.apple.com and sign in with your Apple ID and password. Look for the offending item in the list of apps or subscriptions, and click the “Report” or “Report a Problem” button next to it. Then follow the instructions in order to report an issue or request a refund.

Most apps in the App Store are completely safe, and the vast majority of iOS developers are hardworking, honest folks who want to provide useful and reliable apps to the public. Given the size of the platform, some bad actors and questionable apps do slip past the review process from time to time, but by taking the basic precautions mentioned in this article, you can help keep yourself — and others — safe.
