North Face or Patagonia – what’s your fleecewear preference? You can’t go wrong with either – they are both cozy. Fleeceware, on the other hand, is something to avoid snuggling up to at all (hidden) costs.
Sophos, the security firm that invented the term fleeceware and brought the phenomena to light, found that app publishers on Google Play and iOS App Store had developed a business model where users are charged excessive amounts of money if they do not cancel a subscription before a slim trial window closes.
In January of 2021, Sophos revealed that 25 apps on Google Play combined to a total of more than 600 million downloads on 100 million+ devices. In April, Sophos identified 30 more fleecy apps in the iOS App Store. This volume of downloads rivals some top legitimate apps available in Google Play and iOS App Stores – staggering!
In Wired Magazine article, John Shier, a Sophos senior security adviser, explains “In our capitalistic society, you can look at fleeceware apps and say if somebody wants to waste $500 per year on a flashlight app that’s up to them. But it’s just the exorbitant price that you’re being charged, and it’s not done aboveboard. That, to me, is not ethical.”
Examples of Fleeceware Apps
Sounds like we should be checking our childrens’ (and new age friends’) phones. Lifehacker advises that fleeceware applications consist predominantly of “musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and ‘slime simulators’.”
If you yourself still feel compelled to install a ‘slime simulator’ or palm reader app on your phone, how do you identify an unethical sheep in the grass?
Identifying Fleeceware Apps
In your app store of choice, beware of high install counts. App developers could have used a paid service to bloat their install counts. Also, always be skeptical of suspiciously positive reviews. Fleecy developers can forge many high-star reviews through paid services.
Tactics for Avoiding Fleeceware Apps
Avoid installing ANY “free trial” app offering a subscription charge after a short trial in the first place. If you do install a free trial app, read the fine print to make sure you will not be charged money later. Understand that uninstalling an app does not necessarily cancel the trial period – some developers require that you send an email requesting termination. Save these email records in case they are needed to dispute charges later.
You really do not need another app. Big tech companies (i.e. your Android or Apple phone maker) offer basic tools and utilities like emojis, selfie filters, and QR code scanners for free. You might complete a brief web search to price compare apps if you’re unsure about something or if something just does not seem right.
If your past signups or subscriptions are spiraling out of control, Android and iOS both offer centralized lists of the subscriptions they manage for you – it might be worth a check in:
- On iOS, follow the instructions here or open Settings, tap your name, and then tap Subscriptions to view and manage your subscriptions. You can also open the App Store, tap your initials in the upper right corner, and tap Subscriptions.
- On Android, open the Play Store, tap the hamburger menu icon in the upper right and choose Subscriptions to view and manage your signups.
As if a ‘slime simulator’ app is not slimy enough, with dodgy app downloads, you are making yourself vulnerable to the costly threat of fleeceware. Familiarize yourself with the information above and remain skeptical!
This post addresses threats posed to consumers, Previously, we have offered perspective on security practices for the enterprise including IoT Due Diligence Questions and Securing Internet Connected Devices in Healthcare.
