Sidestepping scams in both Google Play Store and Apple’s App Store is going to be an uphill task for most smartphone users with OpenAI’s ChatGPT sprinkled across all corners of the online space.
A report published by security firm Sophos describes mobile apps that trade on interest in the large-language-model-powered artificial intelligence platform: they claim to offer a free connection to it, but quickly push unsuspecting users into paid subscriptions. The firm refers to these as “fleeceware” programs.
“Multiple apps pretending to be authentic chatbots powered by ChatGPT have emerged on Google Play and Apple Store, deceiving users and exploiting them with excessive charges,” researchers at Sophos said.
While some apps may actually provide a connection to ChatGPT, many are turning to dubious means in a bid to increase their revenue. Some of them go as far as charging the public a subscription to the free-to-use version of OpenAI’s large language model platform.
Luring Users with “Free Trial Subscription”
The Microsoft-backed company offers paid versions of ChatGPT for developers and regular users; however, a free version of the AI chatbot is available to the general public on OpenAI’s web platform.
According to the Sophos report, fleeceware programs are taking advantage of people who are aware of AI chatbots due to the frenzy that has been building around them over the last few months, but lack enough information or context on how to try them for themselves.
The researchers discovered the mobile scam applications in ads running on media platforms and social networks—it is possible to encounter them via a simple search in both Google Play and App Store.
“I saw multiple ads for these types of apps on social media platforms where it’s cheap to advertise, and sometimes they use tactics like typos in the name—calling the app ‘Chat GBT’ or others—to screen out people who might be a bit more savvy,” Sean Gallagher, a senior threat researcher at Sophos, said. “They’re trying to screen out people who would do the free trial and then cancel it because it’s crap. They want the people who are not focused enough to know how to unsubscribe.”
The functionality of these applications can be accessed without charges either via the mobile operating system or through other online resources, the report said.
However, it appears that the primary objective of such apps is to entice users into registering for a brief complimentary trial, which subsequently transitions into an expensive recurring subscription fee, ultimately profiting from unaware users.
In addition, these apps employ invasive advertising techniques and other features that render the free version nearly unmanageable, further pressuring users to opt for the subscription-based version.
Fleeceware Apps Circumvent Google and Apple Guidelines
Although both Google and Apple have strict guidelines for the applications published on their mobile platforms, which help to prevent fraud, the developers and owners of the fleeceware programs have devised ways to circumvent those policies.
According to the Sophos report, behaviors characteristic of fleeceware apps include repeated prompts to subscribe at a cost of between $9.99 and $69.99, and strict limitations on app usage and functionality when used without a subscription.
Developers of fleeceware apps know how to keep them right on the edge of Google and Apple terms of service. They do this by limiting their access to private information and avoiding any attempt to go around the platforms’ security features.
Due to these actions, they are rarely flagged for additional review and are allowed to list on the app stores uninterrupted. However, fleeceware apps often may not declare in full the subscription pricing models, which are later revised without amending their functionality.
You may think only developers of these apps benefit from the revenues collected, but according to Sophos, Google and Apple also enrich themselves through their cuts of app store sales.
The platforms support in-app purchases as one-time payments or recurring subscription charges, and they get a portion of all the revenue collected.
For example, Apple takes 30% of all sales made during the first year and 15% starting from the second year of operation. Apple and Google are unlikely to work hard to purge fleeceware apps from their app stores, as there is little financial incentive to do so, even though the apps offer little to no functionality and disregard store guidelines by using artificial programs to boost their credibility and revenues.
“Using a combination of advertising within and outside of the app stores and fake reviews that game the rating systems of the stores, the developers of these misleading apps are able to lure unsuspecting device users into downloading them, often with ‘free trial’ versions that then kick in automatic recurring subscription fees that users may not know are coming, or prompt them to buy a subscription to ‘pro’ versions that promise greater functionality but fail to deliver,” the researchers added.
Ads and Restricted App Use Drive Users to Paid Subscriptions
Sophos researchers said it may not be difficult to identify fleeceware apps due to their main characteristic – charging for features that users can access for free on other platforms in addition to employing dubious means to force users to sign up for paid subscriptions.
In the case of OpenAI, developers have access to a paid API for GPT and ChatGPT at a standard rate of $0.06 for every 750 words of output. Moreover, the company offers a pro subscription to its service at $20 per month, which according to the researchers, “guarantees availability during peak usage and provides early access to new functionality.”
OpenAI still supports the basic functionality of ChatGPT which is accessible freely to all users through the firm’s website.
The questionable apps, according to the report, were presented as free, with minimal or no mention of the necessary subscriptions to access basic features. However, the same applications employed forceful monetization strategies and often set default subscription prices that were disproportionate to the functionality they delivered.
Chat GBT, one of the Android apps flagged by Sophos, allowed users to download the app for free, but using it quickly became a challenge as they were confronted by numerous ads.
The chatbot could only be used three times before users lost all functionality, after which targeted prompts tried to persuade them to switch to a paid subscription.
Chat GBT by default allowed users to sign up for a three-day free trial which would quickly transition to a $10 monthly subscription. A $30 annual subscription was also available to Open Chat GBT users.
The same developer was running a similar app for iOS in the App Store, according to the report.
Google and Apple are Taking Action
Sophos’ researchers observed that Apple and Google removed a few of the fleeceware AI chatbot apps they were investigating prior to disclosure.
However, some apps continued to be accessible even after the research team brought them to the attention of both tech giants.
Google and Apple confirmed receiving the submissions, with Google proceeding to remove one additional app. The companies have yet to provide any official comments regarding the discoveries.
The report suspected that some of the apps simply connected to the free-to-use ChatGPT-3 programming interface to provide content output when prompted by users while others had integrated lower-chatbot functionalities.
Since OpenAI monitors the output in terms of words, some developers had devised ways of keeping the queries unlimited while truncating the chatbot responses so that only snippets were provided until users switched to the paid subscription.
Gallagher said that fleeceware program developers bank on the fact that not many app users know how to manage their subscriptions as they continue to incur charges even after the app is deleted.
“We define fleeceware as something that charges an extraordinary amount of money for a feature that is available freely or at very low cost elsewhere,” he continued. “And it’s effective, because even I sometimes wonder, why am I getting charged this much by Apple every month? And it’s like, OK, there’s the shared family storage, there’s AppleCare for my phone, there’s Duolingo. You have to be very careful—you have to actively manage subscriptions to apps.”
That said, users need to know how to cancel app subscriptions, as deleting the app does not suffice. For iOS users, open the settings app, tap on your name followed by subscriptions, tap on the particular subscription you intend to cancel, and finish by tapping on cancel subscription.
Android users start by opening subscriptions in Google Play, then select the subscription they intend to cancel, and finally tap on cancel subscription and follow the subsequent instructions.