DARKFLEECE: Probing the Dark Side of Android Subscription Apps

Chang Yue, Chen Zhong, Kai Chen, Zhiyu Zhang, Yeonjoon Lee

33rd USENIX Security Symposium · Day 1 · USENIX Security '24

The proliferation of subscription-based applications has revolutionized the mobile app economy, offering developers a recurring revenue stream and users access to a vast array of services and content. However, this lucrative model has inadvertently paved the way for a deceptive and increasingly prevalent threat known as **fleeceware**. These applications, while not containing traditional malicious code, exploit user trust by charging excessive subscription fees, often after a seemingly "free" trial period, through subtle manipulation of user interfaces and information presentation. In 2021 alone, fleeceware was reported to have affected over 600 million users and generated an alarming $400 million in annual revenue, underscoring the urgent need for robust detection mechanisms.

AI review

This research tackles a pervasive, under-addressed problem: fleeceware. The DARKFLEECE system provides a technically sound, efficient, and explainable method to detect deceptive dark patterns in Android subscription UIs. Identifying 443 apps with over 5 billion downloads underscores the critical impact and necessity of this work.
