Avast warns of fleeceware apps on the Apple App Store and shares tips on how to avoid falling victim to fleeceware scams
Avast (LSE:AVST), a global leader in digital security and privacy products, has discovered and reported three apps to Apple’s App Store, which overcharge users, do not provide the services they promote and appear to be “fleeceware”. The apps are available on the Apple App Store as Beetle VPN, Buckler VPN, and Hat VPN Pro, and according to data from Sensor Tower, a mobile apps marketing intelligence and insights company, the apps have been downloaded over 420K, 271K, and 96K times, respectively, between April 2019 and May 2020.
The apps claim to be VPN apps, charging $9.99 (USD) a week for a weekly subscription once their free three day trial expires. The apps’ all have high ratings, ranging from 4.6 to 4.8, and include enthusiastic reviews, all similarly written, which Avast considers may potentially be fake. In between the rave reviews, there are a few reviews warning of the scams. The apps’ privacy policies also have very similar language and structure.
Avast researchers installed the three apps and successfully purchased subscriptions to each app; however when they tried to use the VPNs, the apps only provided subscription options again. After attempting to purchase the subscriptions again, Avast researchers were notified they already have a subscription and thus were unable to establish a VPN connection using any of the apps.
“Fleeceware apps fall into a gray area, because they are not malicious per se, they simply charge users absurd amounts of money for weekly, monthly or yearly subscriptions for features that should be offered at much lower costs. In this case, the VPNs are being sold for $9.99 (USD) a week, when trustworthy VPNs cost ten times less.” said Nikolaos Chrysaidos, Head of Mobile Threats & Security at Avast. “These apps are not behaving maliciously so they circumvent screening processes to be added to the official app stores’ that users trust. With many people turning to VPN apps to protect their data while working remotely, this illustrates how important it is for users to research VPN apps before installing them, including who is behind the product, their track record with other products and user reviews, and experience in offering security and privacy apps.”
How users can recognize fleeceware apps
Fleeceware apps can come in any category. The reviews for fleeceware apps tend to look fake, with multiple users leaving a review like “Exciting” or “My love”, and real reviews reveal the app does not actually work, or unknowingly charges users large sums of money. Fleeceware apps typically offer a free three to seven day trial, but can require users to enter their payment information before the trial begins, and automatically charge users unreasonable sums of money after the trial ends.
Users should carefully note what happens after an app’s trial period ends and how much an app will charge after a free trial period, to check if the charge will be automatically deducted from their card on an ongoing basis unless they cancel the subscription.
Links to the apps:
Buckler VPN:
Hat VPN:
Beetle VPN:
Links to the apps’ privacy policies:
Buckler VPN: https://bucklervpn.com/policy.html
Hat VPN:
Beetle VPN:
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.