
Don’t let fleeceware sneak into your iPhone

A SophosLabs investigation reveals fleeceware app publishers are also operating on Apple's App Store for iPhones and iPads

Since we began writing last year about the consumer-hostile trend in mobile apps that we’re calling fleeceware, the number of apps we’ve discovered that engage in this practice has only increased. In the first two articles we wrote about fleeceware, we covered various Android apps in the official Play Store charging very high subscriptions for apps of questionable quality or utility.

In this latest round of research, we found more than 30 apps we consider fleeceware in Apple’s official App Store.

Many of these apps charge subscription rates like $30 per month or $9 per week after a 3- or 7-day trial period. If someone kept paying that subscription for a year, it would cost $360 or $468, respectively. For an app.

As we have seen before, most of these fleeceware apps are image editors, horoscope/fortune telling/palm readers, QR code/barcode scanners, and face filter apps for adding silly tweaks to selfies.

Many of these apps lack any extraordinary features that aren’t already present in many other apps, including truly free apps. It’s debatable whether the apps provide “ongoing value to the customer,” as required in Apple’s App Store Review Guidelines for app subscriptions, section 3.1.2(a).

When “free” isn’t really free

Many of the fleeceware apps we see are advertised within the App Store as “free” apps, which puts the apps at odds with section 2.3.2 of the App Store Review Guidelines, which require developers to make sure their “app description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases.”

If you think one of these apps is free and install it, the app presents you with a “free trial” notification immediately upon launching the app for the first time. This notification prompts the user to provide payment card details. In some cases, most of the useful features of the app will only be usable if you sign up for the subscription. Some users may sign up to subscribe without reading the fine print, which includes the actual cost of the subscriptions.

Fleeceware in Top Grossing app charts

While the Apple App Store does not publish the number of downloads for any given app within the app’s listing in the store, the company does keep track of how much money apps make. Many of these fleeceware apps are listed among the top grossing apps, at the time of writing. It’s fair to say these apps are generating plenty of revenue for developers, of which Apple keeps a 30% cut during the first year.

The terms for a Lucky Life subscription displayed in a faint grey text

Zodiac Master Plus, one of the apps on our list of fleeceware, is listed as the 11th highest revenue-generating app. Another app, named Lucky Life – Future Seer, is earning more revenue than even the extremely popular Britbox, one of the UK’s most popular subscription streaming TV services.

Two of the apps earning the most revenue in the Lifestyle category use high-cost subscriptions

One third-party source estimates App Store revenue, which includes all types of purchases, to be $13 billion in 2018, just in the USA.

After one year, Apple gets 15% and the developer’s share increases to 85% of the subscription price.

Advertisements drive more people to fleeceware

If you find yourself wondering why users would even consider installing apps such as these, it’s probably thanks to advertising. These apps are advertised through various popular platforms, including in YouTube videos or on social media platforms like Instagram, TikTok, and even in ads that appear within other apps.

When users visit the app’s page in the App Store app, they’ll find a high number of five-star reviews. While we have no evidence that these are manipulated or artificially inflated reviews, that is another criterion by which the App Store may take action against developers. These advertisements offer a high return on investment, given the high subscription charges.

But not all the reviews are upbeat about these products. Here are a few examples of negative user reviews that illustrate how ads attract users to the apps.

Negative reviews and vulnerable users

These apps also have lots of negative, one-star reviews from users complaining about the challenge of canceling subscriptions and getting refunds, with many iPhone and iPad owners wondering aloud why apps that exhibit this type of behavior exist on Apple’s official App Store.

In one instance, a user posted a complaint about being charged £148 (about US$170) over a 5-month period, when his child accidentally subscribed to one of these apps, and he didn’t notice the subscription charges right away.

The negative reviews for some of these products are devastating.

Both iOS and Android face a fleeceware problem

Fleeceware is a problem on both the Android and iOS mobile platforms. The list below is representative of the fleeceware apps we’ve seen at the time of this writing. App publishers also have the ability to introduce new fleeceware apps by releasing new apps with the same subscription policies, or by converting a previously free app into fleeceware by changing the app’s profile in the App Store, though Apple developer policies prohibit this behavior.

Users should remain vigilant and carefully scrutinize the terms for purchasing or “subscribing” to apps promoted through in-app advertisements. If $30 a week seems like a lot to spend on astrology, a barcode reader, or an app that will show you what you’ll look like when you’re 80 years old, find another app.

How to cancel your subscriptions

If you have one of these fleeceware apps and want to change or cancel your subscription, please follow the instructions below.

iOS

This is how you can do it on an iPhone, as described on Apple’s support page.

  1. Open the Settings app.
  2. Tap your name, then tap Subscriptions.*
  3. Tap the subscription that you want to manage. Don’t see the subscription that you’re looking for?
  4. Choose a different subscription option, or tap Cancel Subscription. If you don’t see Cancel Subscription, the subscription is already canceled and won’t renew.

*If you don’t see “Subscriptions” in the Settings app, tap iTunes & App Store instead. Tap your Apple ID (which is usually your email address), then tap View Apple ID. Sign in, scroll down to Subscriptions, then tap Subscriptions.

iPhone showing where you can find subscriptions in Settings.

Android

Instructions for cancelling Android app subscriptions from Google’s Play Store support page:

On your Android phone or tablet, open the Play Store.

  1. Check if you’re signed in to the correct Google Account.
  2. Tap the hamburger menu icon (Menu), and then Subscriptions.
  3. Select the subscription you want to cancel.
  4. Tap Cancel subscription.
  5. Follow the instructions.

Fleeceware Apps List

App Name Weekly Monthly Yearly Rank* Download** Revenue**
Seer App:Face, Horoscope, Palm $7.99 $29.99 $79.99 #153 20k $20k
Selfie Art – Photo Editor £8.49 £24.49 £89.99 #14 500k $700k
Palmistry Decoder $8.99 $69.99 #23 300k $600k
Lucky Life – Future Seer $8.99 $24.99 $69.99 #40 200k $200k
Life Palmistry – AI Palm & Tag $7.99 $24.99 $79.99 #39 100k $200k
Picsjoy-Cartoon Effect Editor $7.99 $79.99 <5k
Aging seer – Faceapp,Horoscope $7.99 $8.99 $59.99 <5k
Face Aging Scan-AI Age Camera $8.99 $59.99 <5k
Face Reader – Horoscope Secret $2.99 $9.99 $59.99 <5k
Horoscope Secret $9.99 $29.99 $74.99 <5k
CIAO – Live Video Chat $19.99 $74.99 #66 60k $80k
Astro Time & Daily Horoscope $7.99 $19.99 $49.99 #106 20k $30k
Video Recorder / Reaction $2.99 $9.99 $49.99 <5k
Crazy Helium Funny Face Editor $4.99 $9.99 $49.99 #384 70k $7k
Banuba: Face Filters & Effects $7.99 $24.99 $79.99 #50 70k $100k
QR Code Reader – Scanner £8.99 £12.49 #444 <5k $40k
QR Code Reader & Barcode PRO $9.49 $47.99 #103 80k $90k
Max Volume Booster £9.99 £19.49 £48.99 #134 20k <$5k
Face Reading – Horoscope 2020 $4.99 $15.99 $69.99 <5k
Forecast Master 2019 £8.99 £19.99 #134 <5k $10k
mSpy Lite Phone Family Tracker $49.99/quarter $99.99 #3 1mil $700k
Fortunescope: Palm Reader 2019 $9.99 #876 80k $200k
Zodiac Master Plus – Palm Scan $8.99 $22.99 $83.99 #9 200k $500k
WonderKey-Cartoon Avatar Maker $7.99 $18.99 $79.99 #18 30k $60k
Avatar Creator – Cartoon Emoji $8.99 $67.99 #52 200k $100k
iMoji – Cartoon Avatar Emojis £7.99 £19.49 £87.99 #55 10k $20k
Life Insight-Palm & Animal Face $8.99 $22.99 $69.99 #26 400k $600k
Curiosity Lab-Fun Encyclopedia £7.99 £25.49 £87.99 #80 10k $9k
Quick Art: 1-Tap Photo Editor £7.99 £25.49 £87.99 #157 20k $8k
Astroline astrology, horoscope $8.99 $19.99 $49.99 #20 200k $300k
Celeb Twin – Who you look like $5.99 $19.99 $59.99 #682 <5k
My Replica – Celebrity Like Me £7.99 £19.99 £49.99 #56 90k $70k
TOTAL (estimated in USA) 3.5 Million (approx. 3,680,000) $4.5 Million (4,644,000)

* Highest ranking based on Sensor Tower Top Grossing iPhone Apps Category Rank history in their specific category between Dec 9 and Mar 2, 2020, in the USA

**Sensor Tower data, worldwide, as of Jan 2020

Acknowledgement

Thanks to researcher Xinran Wu for his assistance with this post.

7 Comments

Useless list because the manufacturers are missing and there are some apps with similar spelling. How to identify the app 100% clean?

Reply

Hi Ralf. Thanks for your comment. We’ll update the list with links directly to those apps we reference as soon as possible, but the main way you can know if a particular app is fleeceware is to observe its behavior after you install it. If the app immediately pushes you to a premium subscription, when you try to use any feature or even just when you first launch the app, that’s a good sign the app is a fleeceware.

It’s worth reminding people that fleeceware apps are not inherently malicious, in and of themselves. They do not, for example, steal passwords. Installing the app does not present any danger to the user, because the user must also agree to the high cost subscription, or trial period, which happens after the app has been installed – usually upon the first time the user launches the app.

The principal ‘fleeceware’ characteristic that people find objectionable is the extremely high cost for the subscription, and the fact that uninstalling the app by itself does not stop the charges from rolling in. The greatest risk comes from people who simply click through the subscription page without reading the full details or understanding the consequences, thinking that it is just a dialog box they can ignore.

Hopefully that helps, but for what it’s worth, the app names listed here are verbatim to the names the apps present in the App Store.

Reply

Have you tried looking at C-Date? Put “c-date auto renewal subscription scam” into Google and you can find literally thousands of victims worldwide, and that app seems to be just one of a family of dating apps which all use the same scam to get people locked into a 300eur resubscription without telling them and making it close to impossible to object (send an email to support@lisa18.com, buried in a clause of the separate T&C, and this domain bears no relationship to the app developer or the app in any way).

Reply

I think some real-world things, like whole-life insurance meet the premise of this investigation as well and should get the same scrutiny. After all, they are not insurance products, but very overpriced investments (a person could take the same risk for far less cost with an IRA mutual fund). I guess the only difference is they don’t promise anything for free, but it’s a thin distinction

Reply

It’s awesome that you are exposing these fraudsters.
Please add to the list roommate finding apps such as Roomster and SpareRoom as well as lgbt dating apps Surge, Zoe, Grizzly. I am sure in both of these categories there are many others as well. Same pattern of fake reviews, apps are basically useless, one can’t really do anything useful without paying. They are full of fake profiles who send you scam messages. They also have fake twitter accounts where they post photos of random twitter users claiming that they have profiles on the app, and facebook accounts with more fake reviews from other fake accounts. I also suspect that they sell personal information because I noticed a huge spike in scam phone calls to my number right after using these apps. I am sure that Apple is aware of all this as these apps have been available for several years already and scrolling through reviews, one can easily see that pattern is repeating continuously whole time.

Reply

Thanks for sharing, is there any solution? An email to report to at Apple? I find their help section just sends u in circles, I spend so much with Apple, this is the 1st time I’ve been blatantly ripped off by Apple or its developers since the birth of the App Store

Reply
