Artificial intelligence is one of the most significant advances in technology. It is used in one way or another everywhere, from voice input recognition on your smartphone to autopilot systems in cars. But the latest development in the industry – the launch of OpenAI’s ChatGPT, which has caused a stir even to the point that some influential people want to temporarily halt its growth. But, unfortunately, scammers and those who wish to profit from it haven’t been spared either. Moreover, they started creating fleeceware, which empties users’ wallets. We will talk about them now.
What is fleeceware?
Fleeceware apps have free versions that perform little or no function or are constantly deliberately bombarding users with ads of in-app purchase, that unlock the actual functionality. In this way, tricky developers force users to sign up for a subscription, which can be unnecessarily expensive. Here are the main signs of fleeceware:
- The app’s functionality is free from other online sources or through the mobile OS.
- The app forces the user to sign up for a short trial period. In the end, the user is charged periodically for the subscription.
- The app floods the user with ads, making the free version unusable.
Usually, during installation, such apps request permission to track activities in other apps and websites and request to rate the app before even using it. In the process of abundant spamming with permission requests, such as for sending notifications, the app tries to get the user to sign up for a “free” trial version.
The pseudo-developers are banking on the user, not paying attention to the cost or forgetting that they have this subscription. Since fleeceware is designed to be useless after the free trial period ends, users uninstall it from their devices. However, uninstalling the app does not cancel the subscription, and the user is charged monthly and sometimes weekly for a subscription they don’t even use.
“FleeceGPT”
Researchers recently published a report stating that one mobile app developer made $1 million per month simply by charging users $7 weekly for a ChatGPT subscription. If you’ve never dealt with the chatbot, this may seem like a regular phenomenon. However, the catch is that OpenAI provides this service to users for free. In addition, during a raid on the Google Play and Apple App Stores, experts found several other ChatGPT-related fleeceware apps.
“Genie AI Chatbot,” fleeceware app, was downloaded more than 2m per last month from the App Store. The first reason this app could be called fleeceware is that the popup asks to rate the app before it is fully launched and also asks to track actions in other apps and websites. While this app fulfills its stated function, it can only handle four requests per day without a subscription, which is extremely low. To remove this limitation, the user would have to subscribe, which would cost $7 per week, which is costly.
Measures against fleeceware
Unfortunately, there are a lot of such applications in the official stores, and store owners are in no hurry to remove them. The point is that the store receives a commission for each transaction in the app. For example, Apple gets 30% of each purchase in the application, so they are not interested in being left without earnings. However, both Apple and Google have rules for stores designed to combat earlier generations of fleeceware. These rules prevented app fraud since some apps were worth over $200 monthly. Under the new rules, developers must report subscription fees in advance and allow users to cancel this subscription before the payment is taken off.
However, savvy scammers are finding ways around these rules. According to research, the number of ChatGPT-related web domains increased by 910% from November to April, and URL filtering systems intercepted about 118 malicious web addresses daily. Since ChatGPT is not officially working in some countries, there is a high demand for this bypass solution. It costs as little as 8 cents to output 1,000 words through the OpenAI API, and a monthly subscription to the latest ChatGPT is $20. But scammers offer the functionality of the basic version of the chatbot for an average of $1 a day. However, even after Google and Apple received reports of the fleeceware, some apps were not removed.
Why aren’t the platforms removing some apps?
With more than 20 million iOS developers registered on the App Store and thousands of new apps released monthly, monitoring all this is a tremendous job, even for Apple. Moreover, some fleeceware apps are redesigned web apps. So, their functionality directly depends on a remote content platform. Such apps can pose a risk since, to add malicious functionality, the developer only needs to make some changes remotely without touching the local code. This is a common tactic to bypass protection in official app stores. The only effective way to avoid becoming a victim of such applications is to be vigilant when installing the application, read the description carefully, and see what information the application asks for.
How to cancel the subscription?
There are two types of purchases in online app stores. The first is a one-time purchase. In this case, you pay once and permanently get the application or functionality. The app is added to your library, and you can at any time download it or restore the purchase (if it is an in-app purchase), and no additional fees are involved. The second method consists of a subscription to the app or feature. This means you rent the app or individual components for a recurring payment. However, by the logic of this system, if you subscribe to the app and then delete it, the subscription is not canceled. Money will be charged even if the program is not present on your device.
To cancel your subscription on iOS, follow these steps:
1. Open the Settings app.
2. Tap your name.
3. Tap Subscriptions.
4. Go to Subscriptions.
5. Press Unsubscribe.
The subscription has already been canceled if there is no “Cancel” button or if you see an expiration message in red text.
To cancel your Android subscription, do the following:
1. Open your subscriptions in Google Play on your Android device.
2. Then select the subscription you want to cancel.
3. tap Unsubscribe.
4. Follow the instructions.
How to avoid fleeceware in future?
Since fleeceware does not harm your device, app stores are in no hurry to remove them. However, it hurts your wallet, so prevention is primarily for the user. The following tips will help you avoid these increasingly successful heist schemes.
- Beware of free trial subscriptions. Most fleece apps lure users with free three-day trials. However, you will be charged for the subscription without warning once the trial period expires.
- Scrutinize the terms of service carefully. Always read the information in the app profile carefully, including the terms and conditions and the in-app purchases section. This section usually lists all the paid features in the app, and the actual subscription cost is generally listed somewhere at the bottom of the page.
- Read more reviews. Often fleeceware creators try to flood the reviews section of their apps with fake reviews. You should flip through a few pages or sort through the reviews, and if the five-star reviews at the top are followed by reviews with one star, it’s probably fleeceware.
- Don’t be fooled by the ads. Scammers often promote their software through video ads, such as social media. However, sometimes these ads have nothing to do with promoted application.
- Improve your payment hygiene. Never use your primary card as a method of paying for subscriptions. Instead, create a separate or virtual card to keep as much money as your existing subscriptions need.
- Set a minimum online payment limit on your primary cards or disable it altogether. Also, set up an additional password or biometric verification when you pay. This will prevent unwanted subscription fees from going unnoticed.