iPhone users have been urged to take extra care when downloading VPN apps from Apple’s App Store following the discovery of a damaging new scam.
Security firm Avast has flagged several misleading VPN apps which overcharge users and do not deliver on the services they promise, leaving many out of pocket.
The apps are thought to have been downloaded near 787,000 times from the App Store, meaning thousands of users could be at risk of being scammed by this so-called “fleeceware”.
Avast uncovered three apps, Beetle VPN, Buckler VPN, and Hat VPN Pro, as part of the scam. According to data from their partner Sensor Tower, the apps were downloaded over 420K, 271K, and 96K times respectively between April 2019 and May 2020.
The three apps charge users $9.99 for a weekly subscription once a three day free trial expires. Avast researchers were able to install all the apps and successfully purchase subscriptions to each; however when they tried to use the VPNs, each only provided subscription options again.
When attempting to purchase the subscriptions again, the team were notified they already had a subscription, and were therefore unable to establish a VPN connection using any of the apps.
The apps’ privacy policies all feature a similar language and structure, suggesting they originate from the same source, and all three boast suspiciously high ratings alongside many enthusiastic reviews, all again written in a similar fashion, suggesting that some at least could be fake.
Avast says it has flagged the three apps to Apple, but has had no response as yet. TechRadar Pro has contacted Apple for comment.
“Fleeceware apps fall into a gray area, because they are not malicious per se, they simply charge users absurd amounts of money for weekly, monthly or yearly subscriptions for features that should be offered at much lower costs. In this case, the VPNs are being sold for $9.99 (USD) a week, when trustworthy VPNs cost ten times less.” said Nikolaos Chrysaidos, Head of Mobile Threats & Security at Avast.
“These apps are not behaving maliciously so they circumvent screening processes to be added to the official app stores’ that users trust. With many people turning to VPN apps to protect their data while working remotely, this illustrates how important it is for users to research VPN apps before installing them, including who is behind the product, their track record with other products and user reviews, and experience in offering security and privacy apps.”