Fleeceware Scams: What They Are and How to Protect Yourself From Them

Watch out for free trial loopholes from Google Play Store apps

Do you download apps from the Google Play Store? Watch your bank account; even if you're only testing an app out on a free trial basis, you could end up the victim of fleeceware.

What is a Fleeceware Scam?

There is some disagreement about whether or not fleeceware is an actual scam. First spotted in September of 2019, fleeceware involves apps that typically charge users hundreds of dollars in fees once they have exceeded a free trial time period from the Google Play Store.

Some app developers used loopholes in the Play Store's trial period functionality policies not only to charge excessive fees to users who forgot to end trial subscriptions but also to charge users who thought they properly ended free trials as well. Others charged the fees without even allowing the user the promised free trial period.

Developers argue that fleeceware is not a scam since the registration process does spell out the terms and conditions for use of the downloaded app, including the price of subscription charges. Industry experts, however, say the practice walks a fine line between an ethical business and a scam, since users universally say they were unaware they would be charged abnormally high fees that do not follow industry norms for mobile app downloads.

Merriam-Webster says the definition of fleece (verb) is to strip money or property by fraud or extortion or to charge excessively for goods or services. The term 'fleeceware' was created by SophosLabs, which reported to Google the first 15 apps it found that were charging exorbitant fees using the Play Store's free trial loopholes.

How Does a Fleeceware Scam Work?

Because fleeceware developers follow all of Google's rules and the apps do perform their intended functions, they are technically not considered scammers by Google.

You can decide if it's a scam or not: Fleeceware involves apps that prompt you to sign up for a very short trial period, typically around three days, with payment information required when you first register for and download the app. In addition, language within the registration agreement states that users must tell the developer they are specifically cancelling the trial period in order to properly drop out of the trial or risk being charged cancellation fees.

The fleecing begins when the user no longer wants the app. Since app users have become accustomed over the years to simply uninstalling an app before a free trial ends if they decide they no longer want it, they perform the uninstall on a fleeceware app and believe they are free from further obligation. That uninstall process typically stops a free trial and blocks any related fees from the developer in standard apps.

However, a loophole in Google's policies allows fleeceware app developers to block refunds after just a few days into the trial period and charge fees anyway since an uninstall does not specifically advise the developer that the user no longer wants the app.

Remember: The small print requires the user to specifically notify the developer if the app is no longer wanted.

Additionally, the developer does typically state somewhere in the process that the user is agreeing to an abnormally high subscription fee if the trial is not cancelled properly. In some cases, the user is charged the fee every month unless and until the subscription is cancelled.

Fleeceware example showing notice of high fees

Some of the apps noted by SophosLabs did not even give users the full free trial period before charging them.

How Do Fleeceware Scammers Find Victims?

These scammers found you on the Google Play Store when you downloaded an app of some kind that offered very limited functions, such as QR code readers, barcode readers, calculators, or GIF makers. That's not all of them, though; SophosLabs says it has found many more that remain in the Play Store.

The developers did tell you about these fees in the fine print, however. That's why they say they aren't scammers but, rather, business people with a new business model.

Apps you might have downloaded include, but are not limited to:

  • QR Code Reader
  • Compass Pro
  • Professional GIF Maker
  • Pic Collage
  • Old Me
  • Camera Search By Image

How Do I Avoid Getting Involved in This Scam?

Most apps in the Google Play Store are safe to download; Google has fairly stringent processes before accepting them. Those processes, however, typically watch for apps with viruses and potentially unwanted software. Because fleeceware is typically safe software that doesn't involve malware, it can slip by during the approval process.

You can avoid involvement with fleeceware by reading the fine print for every single app you download, regardless of whether or not it comes from the Play Store. Keep a very close eye on trial period offers and never agree to enter your credit card information when downloading an app for a free trial.

Also, carefully read user reviews and look at prices for in-app products that should be stated under Additional Information in the Play Store before you download any app.

Note in the image below that a user complains about a 20 Euro/month charge for the app. Under In-app Products, too, this sample app indicates that some in-app purchases could be as high as $97.88 each. These are both clues that this app, despite its popularity, is charging excessive fees to users.

Sample Play Store app review

Finally, avoid apps that provide extremely short trial periods, specifically those involving trial periods of less than seven days.

Example of fleeceware app download

I'm Already a Victim. What Should I Do?

If you have downloaded software from the Google Play Store that required a credit or debit card during the installation process, check your bank charges now. If charges seem appropriate (i.e. a few dollars a month), you're probably safe from fleeceware. If, however, you see any app charges that seem excessive or that you don't agree with, take the following steps.

  1. On Android, open the Settings on your phone and tap Apps. Tap the app in question to open its details, then tap App details in store and look for Developer contact information. Use the email address provided to notify the developer you do not want the app and do want charges stopped immediately.

    Android screenshots of how to find a developer's contact information.

    While you're in this section of your phone, use Rate this app to warn others if you feel that's appropriate. Additionally, keep a copy of the email you've sent to the developer; you might need it for your bank.

  2. Uninstall the app from your phone or mobile device immediately. Keep in mind that the steps for uninstalling apps might differ for Android devices, iPhones, and iPads.

  3. Dispute the charges with your bank and request that the developer be blocked from sending through additional charges. If needed, you can provide the bank a copy of the email you sent to the developer cancelling the service. You might not be able to recoup previous charges, but this step should help stop future charges, depending upon your specific bank's procedures.

  4. Consider reporting the app and its developers to authorities. You can report them to the U.S. Federal Trade Commission (FTC), which has an online complaint assistant for consumers who want to report fraudulent activity. You can also file a complaint with the Internet Crime Complaint Center (IC3), a partnership between the U.S. Federal Bureau of Investigation and the National White Collar Crime Center.

How Do I Avoid Being Targeted for This Type of Scam?

The best thing to do in the future is to carefully review all the terms and conditions of any app you download, regardless of the site you use for the download. While Google Play Store has strict processes, you can see how those can be circumvented by developers. Other sites do not have such stringent protocols, which makes you more at risk when you download software.

You can spot scam websites if you're paying close attention, but be thoughtful about how you landed on the site: Did your web browser suddenly redirect you to an unfamiliar site or did you purposely seek it out? Did you click a link from someone you don't really know to get to the site?

Phishing and other email scams also target users to entice them into downloading suspect software. Pharming scams, too, are a specific type of scam that directs users to fake websites specifically to steal personal and financial information. Use caution wherever you go on the internet.