Malicious apps charge UAE Android customers Dh1,000 for unwanted subscriptions​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​

Users who downloaded the apps were signed up to premium content without their consent

The cyber-security industry, valued at $6.24bn in the Mena region in 2018, will grow at 15 per cent annually over the next five years. Courtesy Empello
Powered by automated translation

Android users in the UAE were charged for unwanted subscriptions by mobile apps without their permission, a new report found.

Users that downloaded the malware-infected apps were automatically signed up to premium content without their knowledge or prior consent, according to UAE-based Empello, which provides anti-fraud solutions for value-added services (VAS) in the telecoms sector.

The company identified three problem apps, which were available on Android’s Google Play store until October when they were finally removed. The apps still remain available on independent app download sites, the company added.

“Despite tougher government regulation, bot-blocking technology and increased consumer awareness, unwanted purchases are still being discovered at a higher frequency in the region,” said Jeremy Flynn, co-founder and director of Empello.

The three malware-embedded apps automatically subscribed the phone users to costly VAS services. VAS are non-core services in the telecoms industry such as live streaming, ring tones, online gaming and mobile advertising. Users that downloaded the apps were then instantly signed up to premium content without their knowledge.

Scammers have adapted their tactics to keep ahead of the roadblocks placed in front of them by regulators, Mr Flynn added.

“Consumers are meant to be protected from unwanted subscriptions by an OTP (one-time-password) in the sign-up process, but the latest malware infected apps read the OTP on its own to complete the subscription.”

The apps, which have had more than 100,000 downloads said Empello, are taking advantage of Android vulnerabilities and allow scammers to defraud users of over Dh1,000 per year, said Empello.

Android is one of the most widely-used operating systems, with about 2.5 billion active devices worldwide. In the second quarter of 2018, nearly 88 per cent of all smartphones sold were using the Android OS, according to market researcher Statista.

“To reduce the risk of getting an infected app, only download apps from Google Play store,” said Empello in its advisory note. “Read the reviews before downloading any app and never complete the installation of an app that seeks permission to read or write text message.”

The cybersecurity industry is one of the fastest growing markets in Middle East and North Africa region. It was valued at $6.24 billion (Dh22.9bn) in the Mena region last year, according to Mordor Intelligence, which forecasts a compound annual growth in the market of 15 per cent over the next five years.