Australian smartphone users have been the biggest victims of any country for a new breed of malicious software costing the nation millions of dollars through hidden fees within apps.
According to global online security company Avast, Australia’s 10 million downloads of fleeceware apps were the highest of any country in the Apple App Store and Google PlayStore – costing the country $9.9m.
Fleeceware is designed to severely overcharge users for mobile apps providing simple functions that are free or cheap in other apps.
Fleeceware app developers take advantage of users by offering short, free trial periods.
If a user who downloads and installs a fleeceware app has not uninstalled it and unsubscribed in their subscription settings before the trial ends, the app developer begins to charge the user exorbitant fees.
In the Apple App Store, there are 25 fleeceware apps that have hidden or disguised fees of $500 or more a year.
The top offender is “FortuneScope: live palm reader and fortune teller”, which can charge users as much as $66 per week – or $3432 a year.
Another app stinging users is “Flame”, a dating app that while disclosing its annual fee of $119.99 can max out at almost $780 a year.
A range of apps – from ‘”Nebula: Horoscope and Astrology” to “Facetory: Face Yoga and Exercise” – have annual subscriptions of $29.99 but can max out almost $520 a year.
Most of the applications Avast discovered ranged from $4 to $12 a week or between $208 and $624 per year.
Avast security experts have reported 200 fleeceware applications to both Apple and Google for review.
There have been an estimated one billion downloads of fleeceware apps globally that have accrued more than $400m in revenue for developers.
Fleeceware applications are actively advertised on major social networks such as Facebook, Instagram, Snapchat and TikTok.
Avast threat analyst Jakub Vávr said the majority of users would not download fleeceware apps that posed as cheap, everyday apps if they knew the whopping fees involved.
“The fleeceware applications we’ve discovered consist predominantly of musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, and slime simulators,” Mr Vávr said.
“While the applications generally fulfil their intended purpose, it is unlikely that a user would knowingly want to pay such a significant recurring fee for these applications, especially when there are cheaper or even free alternatives on the market.”
Mr Vávr also said younger users whose parents paid for their smartphones were easy targets.
“It appears that part of the fleeceware strategy is to target younger audiences through playful themes and catchy advertisements on popular social networks with promises of ‘free installation’ or ’free to download’,” he said.
“By the time parents notice the weekly payments, the fleeceware may have already extracted significant amounts of money.”
Avast security experts recommended users avoid fleeceware apps by being careful with free trials of less than a week, reading the fine print carefully within each app and securing their payments.