Android scam: Firms fined over $500,000 for malicious apps’ hidden subscriptions

Three UK firms have been fined over $500,000 for an Android scam that involved apps signing up to a subscription service, and suppressing notifications informing the victim they were being charged, according to The Guardian.

Following an investigation by PhonepayPlus, the UK’s premium-rate phone number regulator, Circle Marketing was fined £130,000 ($203,860), Syncronized £120,000 ($188,179) and Cloudspace £80,000 ($125,142). They have also been instructed to refund affected customers, after being unable to show that they had obtained consumers’ consent to be charged.

The exploit was hidden within a number of apps with names like “Fun Sexy Girls” and “Glam Pleasures” which would automatically download without victims’ consent or approval upon visiting adult websites. Once installed, a user would be subscribed to a service that on average would charge between £1.50 and £4.50 (around $2.45 and $7) per week by tapping anywhere on the screen.

BT reports that the Android scam involved suppressing the text messages that alerted users to their new subscription, meaning victims would be unaware of their new unwanted commitment.

Other victims found themselves subscribed by a WAP link sent to them after their contact details had been obtained from marketing lists. Some of the affected users found themselves subjected to ‘explicit text messages’.

“The digital economy is ever more central to people’s lives, bringing new opportunities for business but also new risks to consumers through evolving mobile malware,” said Joanne Prowse, PhonepayPlus’ Acting Chief Executive. “Tackling this threat and supporting genuine innovation and good business within premium rate services is one of PhonepayPlus’ key priorities.”

“This case of mobile malware is not typical of the majority of premium rate service businesses, which offer services that consumers enjoy and find convenient to use. If the UK’s digital economy is to fulfill its potential we must all play our part, business, regulators, and government alike, in driving bad practice out of the market,” she added.

Author , ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.