Apps Selling for Hundreds of Dollars on Google Play Store

Giulio Saggin
Tuesday, 28 November 2023

App users are being charged hundreds of dollars for everyday apps such as calculators and barcode readers which can otherwise be found for free. And it's all being done within the guidelines of the in-app purchasing policy of the Google Play store.

SophosLabs uncovered several Android apps that are being sold by unscrupulous developers who are abusing a loophole in the policy that allows users to download and use apps at no cost for a short trial period. If the user doesn't want to use the app beyond the trial period, they need to uninstall the app and inform the developer they no longer wish to use the app. If this isn't done, the app developer charges the user. Usually this is a few dollars.

The loophole lies in 'charging the user'. Deceitful developers start by making users sign up with payment information before they can use the app. Many users don't read the fine print, which tells them that, in order to fully stop using the app, they have to explicitly tell the developer they are cancelling the trial period. When users fail to do this, the exorbitant charges start.

In the case of one app, the developer charges users €104.99 (US$115) after 72 hours, while the makers of another app go even further and charge users €214.99 (US$235) when the trial ends. While many of these are one-off payments, some are yearly subscriptions. Even worse, there are apps that charge a monthly fee until the user cancels their subscription.

Technically, the apps aren't doing anything fraudulent or illegal as defined by the Google Play store rules: they carry out no malicious activity and perform the function they claim to perform.

SophosLabs contacted Google and asked if high-value monthly subscriptions to apps with very basic functionality violate their in-app purchasing policies. They are yet to respond.
