A Russian Android developer who claimed that its SMS app granted access to games for free after installing the software, has been slapped with a fine of £50,000 after it was found that the app charged users before directing them to the game portal.

The developer, Connect Ltd, trading as SMSBill, was fined by UK regulator PhonepayPlus. Along with the £50,000 fine, the developer is to refund customers within the next three months.

Installing the app sent a text message charging £10 via an auto-reply message. Charges seemingly went to the user's phone bill, leaving many with an unpleasant surprise. According to PhonepayPlus, the app racked up between £100,000 and £250,000 per customer. It is not know what Connect Ltd earned from the app, or who received the money.

The developer falsely claimed that the charge was listed in the terms and conditions. It takes six pages of the terms and conditions to explain that a charge is incurred, and it says that users will pay £5, not £10.

Complaints against unadvertised charges from the app led to an investigation, and SophosLab researcher Vanja Svajcer spotted a malicious link on Facebook from the app. The link was disguised as a friend request on the social network, and clicking it downloaded malicious software. with seemingly no way to prevent the download.

Some question how the app arrived in Google Play, the Android app store, as the malicious functionality should have been spotted by Google. The open-source nature of the Android platforms means that restrictions are lax, especially when compared to Apple's strict vetting process for iOS. Google likely did not know about the charges until the news broke.

The malicious app is not the first to enter the Android platform: a different Russian developer, earlier in 2012, built an SMS app that sent messages to contacts without a user knowing. The app was banned shortly after release.

© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.