A new report has found that more than 600 million users installed apps from the Google Play store that are designed to make charges to a user’s account after a trial period even if they’ve uninstalled the app.

Dubbed “fleeceware” by security researchers at Sophos Group plc, which reported on the Tuesday, the apps exploit users who do not specifically opt out of a trial period. When user download an app with a trial period, they would agree to terms and conditions that say that if they want to continue to use the app after a certain time period, charges would apply.

A trial period and charging are not controversial but what comes next is. Typically, an app developer would accept that users uninstalling an app would constitute a cessation of service and hence would not charge them.

But fleeceware operators charge even when the app has been uninstalled unless the user has specifically terminated the initial agreement. Those that don’t opt out can be charged potentially hundreds of dollars by these apps. Although the practice is arguably immoral, it’s not necessarily illegal, since the requirement to opt out is in the app’s terms and conditions, even if it may be buried.

The figures involved with fleeceware apps are quite remarkable. While noting that some of the figures may have been artificially inflated by app makers, the researchers say that there are more than 600 million users across fewer than 25 apps, some apps with more than 100 million installations each. The apps span various categories and include a wide variety of entertainment or utility apps, including fortune-tellers, instant messengers, video editors and beauty apps.

Some of the apps were also found to be charging ridiculously high amounts. One app uncovered charged $69.99 per week for access while others were charging $200 for a so-called yearly subscription. Some of the apps were found to be deceptive in how they advertised trials as well, for example prompting users to pay for a monthly subscription rate on one screen and then a much different, weekly rate on another screen.

“One reason Sophos wants to create awareness and highlight this fleeceware business model is that this business model can cause significant harm to users and there’s little recourse,” Sophos researcher Jagadeesh Chandraiah wrote.

Users are advised to look for some clues when installing apps to avoid being fleeceware. Mixed reviews are often a giveaway. Users should also read everything in a trial prompt to make sure they won’t be charged lots of money. Finally and most important, users are warned that if they decide to uninstall an app, they may have to cancel the free trial formally by contacting the app developer directly.

Image: Sophos