In our initial coverage of the fleeceware phenomenon, published in September, SophosLabs reported on how some app publishers using the Google Play Store had devised a business model where users could be charged excessive amounts of money for apps if they don’t cancel a “subscription” before the short free trial window closes.
While the company did take down all the apps we had previously reported to them, fleeceware remains a big problem on Google Play. Since our September post, we’ve seen many more Fleeceware apps (such as the ones listed in the table at the end of this story) appear on the official Android app store.
The total number of installations of these apps, as reported on Google’s own Play pages, is high: nearly 600 million in total, across fewer than 25 apps; A few of the apps on the store appear to have been installed on 100 million+ devices, which would rival some of the top, legitimate app publishers on Google Play.
We have good reason to believe that the install count may have, in some cases, been manipulated. But some of the apps, including a popular keyboard app that allegedly transmits the full text of whatever its users type back to China, may legitimately have that many downloads.
As we saw last fall, there were a wide variety of entertainment or utility apps, including fortune tellers, instant messengers, video editors, and beauty apps. And just like last time, user reviews reveal serious complaints about overcharging, and that many of these apps are substandard, and don’t work as expected.
Monetary damage to users
One reason Sophos wants to create awareness, and highlight this Fleeceware business model, is that this business model can cause significant harm to users, and there’s little recourse. The Google Play Store policies are significantly less consumer-friendly than US credit card policies; Those who managed to get refunds have been able to obtain them only with great difficulty.
Some of the unhappy consumers who wrote negative reviews claim they even followed the subscription model’s rules to unsubscribe, and were charged anyway.
The Fleeceware business model adopts new payment schedules
In our earlier reporting, we noted that fleeceware apps often charge a very large amount, which the publishers characterized as an annual subscription to their software. For example if you were charged more than $200 for an app, you might be able to justify it as being “only” $16.67 per month, but that doesn’t take into account the fact that the app merely does, for example, a reverse-image search — something Google offers as a free service, anyway.
So in the intervening months, some publishers have decided to offer weekly and monthly “subscription” payment options, instead of (or in addition to) annual charges. Sure, it might make the amount look smaller, so users might be less likely to experience sticker shock, but it actually exacerbates the overcharging: In one case, we found an app displaying subscription fees of €8.99 per week, or €23.99 per month, which works out annually to €467.48 (if you pay the weekly amount for 52 weeks) or €287.88 (if you pay the monthly amount for 12 months).
Confusing things even further, some of the apps (such as the screen recorder app shown above and below this paragraph) prompt users to pay for a monthly subscription rate on one screen, and a much different, weekly rate on another screen.
It’s impossible for consumers to make an informed choice under these kinds of circumstances, even if they really wanted to pay more than the cost of any but the most expensive new phones each year for the privilege.
High install counts and suspiciously positive reviews
If you look at the “install count” on our list of fleeceware apps (below), you’ll see that most of them have a high install count. Some of the apps’ Play Store page claims they have 1 million, 5 million, 10 million, or even 100 million installs. Many legitimate apps strive hard to reach those kinds of numbers.
Some of these apps are very unprofessional looking. Based on past experience, it may have been the case that these app developers could have used a paid service to bloat their install counts and forge a large number of four- and five-star reviews. You can identify some of these falsified user review clusters if you scrutinize the recent 5 star reviews; one-to-three word, five star reviews have a propensity to be “sockpuppet” reviews.
The reason why some publishers do this is simple: to boost their Play Store search rankings, thereby attracting more potential “customers.” As described by Google, how search results return specific apps depends on “the overall experience of [the] app based on user behavior and feedback. Apps are ranked based on a combination of ratings, reviews, downloads, and other factors.”
High install counts and high numbers of good reviews make them appear high in the list when users search for these apps using generic terms.
What can users do about it?
If you have an Android device and use the Google Play Store for apps, you should rigorously avoid installing these types of “free trial” apps which offer subscription-based charges after a short trial.
Nobody likes to read the fine print, but if you do happen to install an app that asks you to sign up for a free trial, it pays to read everything on the trial prompt to make sure you won’t be charged lots of money for an app.
It pays to treat apps like these with suspicion. Read reviews before you install the app; Keep in mind that app publishers might also be manipulating reviews by filling them with five-star ratings that don’t tell you much.
If you do happen to have a free trial, make sure you understand that merely uninstalling the app does not cancel the trial period. Some publishers require you to send a specific email or follow other complicated instructions to end the free trial before you are charged, though you might just need to log into your Google Pay to cancel. Keep copies of all correspondance with the publisher, and be prepared to share that with Google if you end up disputing the charges.
Finally, even if one of these apps looks great, it pays to search for similar apps from developers or publishers with a good reputation. In most cases, free alternatives abound.
| Package Name | Short name (app list) | Install Count | Subscription (weekly, US) | Subscription (monthly, US) | Subscription (annual, US) |
| com.astrofun.android | Astrofun | 500,000+ | $14.99 | ||
| com.banuba.beauty | Easysnap | 100,000+ | $24.99 | $89.99 | |
| com.bestvideostudio.movieeditor | VCUT | 5,000,000+ | $6.99 | ||
| com.faceditor.facex | Face X Play | 100,000+ | $25.99 | $83.99 | |
| com.fortunemirror | Fortunemirror | 5,000,000+ | $69.99 | ||
| com.funcamerastudio.videomaker | Filmigo | 50,000,000+ | $9.99 | ||
| com.jb.emoji.gokeyboard | GO Keyboard | 100,000,000+ | $9.99 | $59.98 | |
| com.jb.gokeyboard | GO Keyboard Lite | 100,000,000+ | $9.99 | $59.99 | |
| com.jb.gosms | GO SMS Pro | 100,000,000+ | $9.99 | $59.99 | |
| com.jb.screenrecorder.screen.record.video | GO Recorder | 5,000,000+ | $11.99 | $95.88 | |
| com.jb.security | GO Security | 10,000,000+ | $4.98 | $39.98 | |
| com.jb.zcamera | Z Camera | 100,000,000+ | $9.99 | $59.88 | |
| com.screenrecorder.recorder.editor | Master Recorder | 1,000,000+ | $9.99 | $59.98 | |
| com.steam.photoeditor | S Photo Editor | 100,000,000+ | $9.99 | $59.98 | |
| com.video.master | Wonder Video | 10,000,000+ | $12.99 | $79.99 | |
| com.videoeditor.videomaker.photos.music.pictures | Clipvue | 5,000,000+ | $9.99 | $49.99 | |
| com.videomaker.editor.slideshow.songs.record.album | Filmix | 5,000,000+ | $6.99 | ||
| nfrt.recoverfree | Photo Recovery & Video Recovery | 100,000+ | $199.99 | ||
| screen.recorder | ScreenRecorder | 5,000,000+ | $9.99 | $69.99 | |
| screenrecorder.recorder.editor | V Recorder | 10,000,000+ | $9.99 | $79.99 | |
| screenrecorder.recorder.editor.lite | V Recorder | 10,000+ | $11.99 | $89.99 |
hayarukawai
Great article! The list is a great tool! I’ve copied it to add it to my customer’s central mobile consoles in the blocked apps list. Thanks!
David Revie
thank you very much. I got caught once but I am more learry now. but your assessment is great .
Terry H
In your article you have a graphic in which one is AppLock listed as a video editor. That’s not what AppLock does. It encrypts apps for security. I have used it for several years and if I paid a fee it was one time.
Ash Nallawalla
Please put an outline and caption on the images, as I initially thought I was seeing ads on this page.
LuisCLB
Some other apps that actually give you a real service are using this method. NOON app is one of them. They don’t notify you about the expiring trial and keep the fee in a low profile. Then they charge you $159 at once and show you their no refund policy. Scam!!!
android Ninja
where is that app ? do you have a link ? Is that Noon shopping app i can’t see any charge on it ?
dbareis
To play it safe, you can cancel the subscription IMMEDIATELY after creating it and you will still have the trial period (I do this for all similar apps, not just scams). If I really want it after the trial I’ll set up the subscription again.
Nicholas
Well, from today onwards I will check apps for payment history. By the way, thank you for information.
Thor Lancaster
Thank you for providing package names in this article. I am developing a service to detect fake Play store reviews and some of these apps appear have thousands (a veritable trash trove) of fake reviews based on chronological and duplicate detection. This list is going to be one of the first things I feed my algorithm.
I really wish Google would take action against these shady developers. From the reviews, it is pretty clear that the developers are making themselves a killing off these bogus charges.
P.S. com.macland.qrscanner and com.appland.qrscanner are two more fleeceware apps out there.
Jagadeesh Chandraiah
thanks for reporting these apps, we will take a look, if you find more please send them here – samplessophoscom
Jagadeesh Chandraiah
samples at sophos dot com