Cybersecurity experts have revealed that a batch of misleading apps on Google Play Store has the potential to dupe users and cost them thousands. Researchers from IT security company Sophos added that these 23 apps clearly violate Google Play Store's security policies as well. Notably, in June, Google updated its developer policies with new directives to address these loopholes. However, researchers have found that some of these apps are still at large and urged users to delete them immediately if they have been downloaded.
"The new Google-issued rules are designed to address some forms of deceptive marketing display copy, but they also have some loopholes that permit other behaviour some might consider unscrupulous,” researcher Jagadeesh Chandraiah explained in a blog post on the matter.
Chandraiah in his blog post detailed that the creators on Google Play use a 'blind subscription' model which often doesn't show the complete billing details. This includes spam subscription which Chandraiah says acts like a 'rabbit hole' where once users sign up, they find themselves subscribed to a bunch of different apps as well. These result in unsuspecting users spending thousands as these 'fleeceware' apps are often linked to one another.
"According to Google, ‘the offer emphasises the free trial, and users may not understand that they will automatically be charged at the end of the trial.' Publishers aren't allowed to do this anymore, but some still try," Chandraiah further said.
Following is the full list of 23 apps that you should remove from your smartphone