Security News

Apps Selling for Hundreds of Dollars on Google Play Store

App users are being charged hundreds of dollars for everyday apps such as calculators and barcode readers which can otherwise be found for free. And it's all being done within the guidelines of the in-app purchasing policy of the Google Play store.

SophosLabs uncovered several Android apps that are being sold by unscrupulous developers who are abusing a loophole in the policy that allows users to download and use apps at no cost for a short trial period. If the user doesn't want to use the app beyond the trial period, they need to uninstall the app and inform the developer they no longer wish to use the app. If this isn't done, the app developer charges the user. Usually this is a few dollars.

The loophole lies in 'charging the user'. Deceitful developers start by making users sign up with payment information before they can use the app. Many users don't read the fine print which tells them that, in order to fully stop using the app, they have to explicitly tell the developer they are cancelling the trial period. When users fails to do this, the exorbitant charges start.

In the case of one app, the developer charges users €104.99 (US$115) after 72 hours, while the makers of another app go even further and charge users €214.99 (US$235) when the trial ends. While many of these are one off payments, some are yearly subscriptions. Even worse, there are apps that charge a monthly fee until the user cancels their subscription.

Technically, the apps - as defined by the Google Play store rules - aren't doing anything fraudulant or illegal, such as malicious activity, and perform the function they claim to do.

SophosLabs contacted Google and asked if high-value monthly subscriptions to apps with very basic functionality violates their in-app purchasing policies. They are yet to respond.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts