Android apps designed to drain the wallets of unsuspecting users have been downloaded more than 600 million times, a new cyber security report claims.
The so-called "fleeceware" apps operate on a business model in which users can be charged excessive amounts of money for apps with a short trial period.
"App developers take advantage of a business model available within the Play Market ecosystem in which users can download and use the apps at no charge for a short trial period," Cyber security firm SophosLab explained.
"When the trial expires, if the user who downloads and installs one of these apps hasn't both uninstalled the application and informed the developer that they do not wish to continue to use the app, the app developer charges the user."
SophosLab previously reported several fleeceware apps to Google, which swiftly removed the offending ones.
However, the cyber security company claims many more apps continue to be added.
"Fleeceware remains a big problem on Google Play," SophosLab said.
"A few of the apps on the store appear to have been installed on 100 million plus devices, which would rival some of the top, legitimate app publishers on Google Play."
The cyber security firm said fleeceware was found in a variety of entertainment and utility apps, including instant messengers, video editors and beauty apps.
SophosLab said Daily Horoscope Service – downloaded 500,000 times – would charge users a subscription fee of $A101 per week after the three-day trial was completed.
"This business model can cause significant harm to users, and there's little recourse," the company explained.
"The Google Play Store policies are significantly less consumer-friendly than US credit card policies.
"Those who have managed to get refunds have been able to obtain them only with great difficulty."
Researchers claim developers often plant fake reviews and manipulate download counts on Google Play to "boost their Play Store search rankings".
SophosLab is warning users to "rigorously avoid" apps which offer subscription-based charges after a short trial.
"If you do happen to have a free trial, make sure you understand that merely uninstalling the app does not cancel the trial period," Sophos said.
"Some publishers require you to send a specific email or follow other complicated instructions to end the free trial.
"Keep copies of all correspondence with the publisher and be prepared to share that with Google if you end up disputing the charges."
Google has been contacted for comment.
Source: 9News https://www.9news.com.au/technology/fleeceware-android-apps-designed-to-charge-unsuspecting-victims-claims-report/3ecd9512-9bb9-4223-bbaa-655db34fb4f4