Naked Security

Fleeceware is back in Google Play – massive fees for not much at all

The apps themselves aren't malicious - the treachery lies in the payment model.

Last September, we wrote about “fleeceware”, a term we coined to describe apps that charge huge amounts but give you very little in return.
Technically, the apps themselves aren’t malware, because the code in the app doesn’t do anything illegal, dangerous, sneaky, snoopy, subversive or surreptitious.
The treachery lies in the payment model – the fleeceware we identified back in September 2019 didn’t charge a fee for the app, but instead sold you a subscription to go along with the app.
And what subscriptions they were!
How about a QR code reader, much like the one already built into your mobile phone’s camera app, that was free for a three day trial…
…but then suddenly cost you a massive €104.99 even if you uninstalled the app straight after trying it and never used it again.
The app’s free, don’t forget; it’s the subscription that you’re being charged for, and Google permits app developers to ask that sort of money.


As SophosLabs researcher Jagadeesh Chandraiah wrote last year:

Because the apps themselves aren’t engaging in any kind of traditionally malicious activity, they skirt the rules that would otherwise make it easy for Google to justify removing them from the Play Market.

In a free market, it’s up to you to decide if the product and its associated service really is worth it.
So even apps that do very little can charge a lot, and hope that you forget to cancel them before your brief trial expires.
Well, we’re now in 2020, and it seems that it’s a case of plus ça change, plus c’est la même chose.
Jagadeesh has revisited the Play Store and found that new fleeceware apps seem to appear whenever old ones get removed, so there are still plenty of “moneytrap apps” waiting to catch out trusting or unsuspecting users.

The numbers beggar belief

Jagadeesh has written an update to his earlier paper and we suggest you read it because some of the facts and figures almost beggar belief.
Would you pay €104.99 to use an emoji keyboard? Would you pay €64.99 to use a camera app?
We suspect not, and yet these are examples of two apps that show up with more than 100 million installs each – as Jagadeesh points out, that’s twice as many installs as the staggeringly popular game Call of Duty: Mobile.
Many of these apps also sport a surprisingly high number of 5-star reviews, often with just one or two words such as ‘Perfect’, ‘Great’, ‘Love it’ and ‘Like it’.
For a list of apps, sample screenshots, the charges they’re asking, and some good advice on how not to get tricked, please read Jagadeesh’s article Fleeceware apps persist on the Play Store.
As we said last time, perhaps this is simply an extreme case of caveat emptor (buyer beware).
But on the app store of the world’s largest mobile operating system maker, we’d like to think that users would never find themselves being charged hundreds of euros for an unremarkable app.

What to do?

Remember:

  • Always read the small print.
  • Subscriptions outlive the app.
  • Subscriptions can’t be ended simply by uninstalling the app.

If in doubt, leave it out!

1 Comment

Unscrupulous. If you feel you must buy a subscription, use a card that you can cut off if necessary. If the product turns out to be fleeceware, then you simply stop the card.

