The fleeceware apps take advantage of app store policy loopholes and coercive tactics to overcharge users for limited AI functionality
Leave it to the ingenuity of humans to fleece their own kind. With the runaway popularity of generative AI apps raging, scammers and fraudsters have created mobile apps masquerading as legitimate, ChatGPT-based chatbots to overcharge victims.
Such “fleeceware” has popped up in both Google Play and Apple App Store, but offering near-zero functionality and constant ads unless unsuspecting users sign up for a subscription that can cost hundreds of dollars a year.
The key characteristics of fleeceware apps are that the app they emulate is already free elsewhere: social engineering and coercive tactics are then used to convince users to sign up for a recurring subscription payment in order to enjoy more functionality. According to Sophos, fleeceware does offer a free trial, but with so many ads and restrictions, users will find the software barely useable until a paid version is bought.
Furthermore, these apps are often poorly written and implemented, meaning app function is often less than ideal even after users switch to the paid version. Scammers also inflate the fleeceware app ratings by generating fake reviews and persistently requesting users to rate the app before it has even been used.
Five ChatGPT fleeceware apps
In total, Sophos has uncovered five ChatGPT fleeceware apps, all of which claimed to be based on the ChatGPT algorithm.
- In some cases, as with the app “Chat GBT”, the scammers spoofed the name “ChatGPT” to improve their app’s ranking in the Google Play or App Store.
- These apps were charging anything from US$10 a month to US$70.00 a year.
- The iOS version of “Chat GBT,” called Ask AI Assistant, charged US$6 a week (US$312pa) after a three-day free trial; netting the developers US$10,000 in March 2023.
- Another fleeceware-like app, called Genie, encourages users to sign up for a US$7 weekly or $70 annual subscription, raking in US$1m over the past month.
- Fleeceware apps are specifically designed to stay on the edge of what is allowed by Google and Apple in terms of service, and they do not flout the security or privacy rules, and are hardly ever rejected by these stores during review.
- While Google and Apple have implemented new guidelines to curb fleeceware, fraudulent developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up.
- While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up. More will likely appear in future.
The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting the ‘subscribe’ button. “Users can also report such apps to Apple and Google if they think the developers are using unethical means to profit,” Gallagher added.
For users who have already downloaded these apps, they should follow the App or Google Play store’s guidelines on how to “unsubscribe.” Simply deleting the fleeceware app will not terminate the subscription.