Cybersecurity firm Sophos has warned that a rising number of dubious ChatGPT apps are profiting from the surging interest in OpenAI’s chatbot to fleece victims of money. Some also track users and harvest their data.
These “fleeceware applications,” found on both Google’s Play Store and Apple’s App Store, offer the same basic functionality that is available for free on OpenAI’s website and its recently launched ChatGPT iOS app.
“All of the apps were offered as free [with little or no mention of subscriptions required to unlock basic functionality], had aggressive monetization tactics, and came with default subscription rates that were in many cases not in line with the functionality they provided,” Sophos said in a report on May 17.
Although initially free, these apps lure users into buying a subscription by bombarding them with ads and limiting the features available. The cost of a subscription ranges from as little as $6 a month to as much as $364 a year.
Despite “their near-zero functionality” and artificially boosted app reviews, “there’s little incentive” for Apple and Google to delete these apps, as they receive a percentage of their earnings. Sophos said it had reported its findings to both companies. While Google has removed some of these questionable apps, Apple had yet to take action at the time of writing.
Fleeceware Apps First Observed in 2020
Sophos first reported on fleeceware apps in 2020, revealing that spurious apps on the Play Store were charging users upwards of $200 a month for features that were available for free or at a much lower price.
Since then, Google and Apple have updated their policies to curb money-stealing apps. Among other things, app developers are required to “be upfront about their subscription fees” and allow users to cancel free trials before charging them, Sophos said. However, fleeceware apps have also evolved to bypass these policies.
Sophos’ latest investigation into fleeceware apps began after Sophos X-Ops principal researcher Andrew Brandt came across an ad for an app named “Chat GBT” with a logo that bears a striking resemblance to OpenAI’s.
“We found many other apps jumping on the ChatGPT bandwagon following a similar naming convention in an effort to attract users searching for the right app,” Sophos said.
According to Sophos, these fake ChatGPT apps tend to limit the number of daily queries or provide abbreviated responses to push users into paying for a subscription.
At least one of these fleeceware apps on the App Store requests permission to “track user activity across other apps and websites” under the guise of using this data to improve its functionality. Another app also requests permission to send notifications.
Unfortunately, these fleeceware apps have already been installed by thousands of users.
Fleeceware apps are “rarely rejected” during review because they are not designed to access private information or bypass app store security like other malicious apps, Sophos said.
While these apps don’t outright violate app store policies, they come close to doing so. For example, Apple’s App Store policies prohibit developers from blocking, manipulating, or tricking users. However, these apps often pressure users to rate them and interrupt users with pop-ups.
One of these apps “regularly interrupted application use with a window prompting for free trial signup—with automatic subscriptions at $8 a week—that could only be bypassed after waiting a few minutes for a window-closing ‘x’ to appear,” Sophos said.
How to Avoid Fleeceware Apps
Due to the size of the Play Store and App Store, it’s difficult for Google and Apple to police their respective platforms effectively and wipe out all malicious apps. We’ve noticed fake ChatGPT apps appearing on both platforms since the beginning of the year. Last month, Chinese tech company Baidu sued Apple over apps impersonating its Ernie chatbot on the App Store.
To avoid falling victim to fleeceware, Sophos recommends paying “close attention to in-app payments and subscriptions tied to ‘free trial’ software.” The company also recommends assessing reviews.
“If you’ve discovered you have installed a fleeceware app, it’s important to note that just deleting the app will not end the subscription,” Sophos noted. Your account may continue to be charged, so cancel your subscription before deleting any dubious app.
“For now, the only real defense is user education. Before tapping the install button, users need to make sure they’re aware of any in-app purchases associated with a free app and evaluate whether the fees associated with any application are in line with what’s available elsewhere. And when applications use unethical means to profit, users should report them to Apple or Google,” Sophos advised.
With a degree in Global Communications, Mirza has extensive experience working in advertising and marketing. He works as a journalist and researcher at VPNOverview, writing about data breaches, vulnerabilities, and cybersecurity issues.