Home News Beware of these “fleeceware” VPN apps on Apple App Store

Beware of these “fleeceware” VPN apps on Apple App Store

Beware of these “fleeceware” VPN apps on Apple App Store, SonicWall hacked

Avast, a maker of digital security and privacy products, has discovered and reported three fleeceware apps to Apple’s App Store, which overcharge users, do not provide the services they promote and appear to be “fleeceware”. The apps are available on the Apple App Store as Beetle VPN, Buckler VPN, and Hat VPN Pro, and according to data from Sensor Tower, a mobile apps marketing intelligence and insights company, the apps have been downloaded over 420K, 271K, and 96K times, respectively, between April 2019 and May 2020.

How to identify Fleeceware

Fleeceware” has a characteristic of overcharging users for functionality that is widely available in free or low-cost apps.

Fleeceware apps can come in any category. The reviews for fleeceware apps tend to look fake, with multiple users leaving a review like “Exciting” or “My love”, and real reviews reveal the app does not actually work, or unknowingly charge users large sums of money. Fleeceware apps typically offer a free, three to seven day trial, but can require users to enter their payment information before the trial begins, and automatically charge users unreasonable sums of money after the trial ends.

Users should carefully note what happens after an app’s trial period ends and how much an app will charge after a free trial period, to check if the charge will be automatically deducted from their card on an ongoing basis unless they cancel the subscription.

What Avast researchers observed

The apps claim to be VPN apps, charging $9.99 (USD) a week for a weekly subscription once their free three-day trial expires. The apps all have high ratings, ranging from 4.6 to 4.8, and include enthusiastic reviews, all similarly written, which Avast thinks could potentially be fake. In between the rave reviews, there are a few reviews warning of the scams. The apps’ privacy policies also have very similar language and structure.

Avast researchers installed the three apps and successfully purchased subscriptions to each app; however, when they tried to use the VPNs, the apps only provided subscription options again. After attempting to purchase the subscriptions again, Avast researchers were notified they already have a subscription and thus were unable to establish a VPN connection using any of the apps.

“Fleeceware apps fall into a gray area, because they are not malicious per se, they simply charge users absurd amounts of money for weekly, monthly or yearly subscriptions for features that should be offered at much lower costs. In this case, the VPNs are being sold for $9.99 (USD) a week, when trustworthy VPNs cost ten times less,” said Nikolaos Chrysaidos, Head of Mobile Threats & Security at Avast. “These apps are not behaving maliciously so they circumvent screening processes to be added to the official app stores’ that users trust. With many people turning to VPN apps to protect their data while working remotely, this illustrates how important it is for users to research VPN apps before installing them, including who is behind the product, their track record with other products and user reviews, and experience in offering security and privacy apps.”

You can read the privacy policies of these apps here:

Buckler VPN: https://bucklervpn.com/policy.html

Hat VPN: https://hatvpnpro.com/data-policy.html

Beetle VPN: https://beetlevpn.com/data-policy.html