App store policy loopholes and coercive tactics push prices up for AI assistants!
Sophos, a global cybersecurity company, has uncovered several apps posing as legitimate ChatGPT-based chatbots. These apps overcharge users and generate thousands of dollars each month for their developers. According to the Sophos X-Ops report “‘FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash”, the deceptive apps have appeared on both Google Play and the Apple App Store. Their free versions offer minimal functionality and bombard users with ads, pushing them towards expensive yearly subscriptions that can cost hundreds of dollars.
Sean Gallagher, principal threat researcher at Sophos, explains that scammers always exploit current trends and technology to profit, and ChatGPT is no exception. As AI and chatbots have surged in popularity, people looking for a similar experience often download applications resembling ChatGPT from the Apple App Store and Google Play Store. These fraudulent apps, which Sophos calls “fleeceware”, inundate users with advertisements until they subscribe to a paid service. The scammers rely on users either disregarding the cost or forgetting about the subscription. The apps are deliberately designed to be less useful once the free trial expires, so that users delete the app and, without realising it, keep being charged on a weekly or monthly basis.
In its investigation, Sophos X-Ops examined five fleeceware apps that claimed to be built on ChatGPT’s algorithm. These apps, including one named Chat GBT, traded on the ChatGPT name to boost their rankings on Google Play and the App Store. While OpenAI offers the core functionality of ChatGPT for free online, these apps charge users anywhere from US$10 per month to US$70 per year. The iOS version of Chat GBT, listed as Ask AI Assistant, offered a three-day free trial and then charged US$6 per week, which works out to US$312 per year.
In March alone, that app generated US$10,000 in revenue for its developers. Another fleeceware app, Genie, enticed users with a US$7 weekly or US$70 annual subscription and amassed US$1 million in earnings in the past month.
Sophos first identified fleeceware apps in 2019. Not only do they charge for copies of free apps, but they also rely on social engineering and manipulative tactics to pressure users into paying. Moreover, the apps are often poorly developed, so functionality remains subpar even after users upgrade to the paid version. To further mislead users, developers inflate their app store ratings by posting fake reviews and by repeatedly prompting users to rate the app, even before it has been used or the free trial has ended.
Fleeceware apps are designed to operate within the boundaries of Google’s and Apple’s service policies, so they are unlikely to be rejected during review for security or privacy violations. Although Google and Apple have introduced new guidelines to combat fleeceware since Sophos’s initial report in 2019, developers keep finding ways around them, for example by severely limiting app functionality unless users pay.
Although some of the fleeceware apps named in Sophos X-Ops’ report have been removed, new ones continue to emerge, and more are expected to appear. According to Gallagher, the most effective protection against fleeceware is awareness and education: users need to know that such apps exist and should carefully read the terms and conditions before subscribing.
Users who suspect that a developer is profiting through unethical practices can report the app to Apple or Google. Gallagher emphasised that all the apps mentioned in the report have been reported to both companies. Users who have already installed one of these apps should follow the App Store or Google Play Store procedure to cancel the subscription. Simply deleting a fleeceware app does not cancel the subscription; it must be cancelled in the subscription settings of the Apple ID or Google account it was purchased with.
In related news, cybersecurity company ThreatFabric exposed five fraudulent apps in October 2022. Unlike fleeceware, which profits through subscriptions, those apps were designed to steal sensitive information such as login credentials and financial data. These five apps are only a fraction of the fraudulent apps in circulation, and users must remain vigilant against them as well as against the other types of fake apps found on Google Play.
Header image courtesy of Freepik