[German]Now it's the turn of Apple users with iOS who download apps from the Apple Store. These were contaminated with so-called fleeceware, as Sophos security researchers have found out.
What is Fleeceware?
I first reported on the subject of fleeceware here in the blog in mid-February 2020 in the blog post Security information February 20, 2020. But that was in reference to Android apps in the Google Play Store.
The term fleeceware introduced in September 2019 is a new term for a scam on apps from the Google Play Store. It refers to Android apps that offer free trial use. After the trial period has expired, subscription fees will be charged for using the app – that's legal.
However, Fleeceware apps charge users' accounts, even though they have not extended the trial period. The trick is that users must manually cancel this subscription before the trial period expires. However, since many people simply uninstall the app after the trial, the trial continues and converts to a paid subscription even though the app is no longer used. Normally, app developers have to make sure that the subscription is cancelled when the app is uninstalled.
Sophos finds Fleeceware in iOS apps
In this article from 8 April 2020, Sophos security researchers now warn against fleeceware, which can be downloaded as iOS apps from the Apple store to iPhones and iPads. A SophosLabs investigation has found that fleeceware app manufacturers are now targeting Apple's App Store for iPhones and iPads.
(iOS apps with fleeceware, source: SophosLabs)
In an investigation of iOS apps from the Apple store, Sophos security researchers have found a number of hits. They warn that more than 3.5 million users have downloaded such fleeceware apps from the Apple store to iPhones and iPads.
If such a trial installation is performed, when registering for the trial, the User also grants the App permission to charge a fee on the User's Play Store or App Store account. If the User uninstalls the App prior to the end of the trial period, no fees should apply. At the end of the trial period, the User's account will be automatically charged and the User will be allowed to use the App, if it is still installed.
The App Store policies allow app publishers to create their own steps to cancel the trial. Some app vendors do not interpret uninstalling the app as cancelling the trial, but instead force users to go through complicated procedures. Fleeceware apps ignore an uninstall and debit the user's account even if the app is unused and removed because the user did not complete the cancellation requested by the developer.
Zodiac Master Plus, one of the apps on the Fleeceware list, is ranked 11th in terms of sales. Another app called Lucky Life – Future Seer generates more revenue than even the extremely popular Britbox, one of the UK's most popular subscription streaming TV services. Apple has a 30% share of the turnover. A list of fleeceware apps and more information can be found in this Sophos article.