Sandboxie is now an open source tool! – Sophos News

Sophos is excited to announce that Sandboxie is now an open source tool.

Sandboxie has long been a favorite sandbox-based isolation tool since its original release over fifteen years ago. Now this technology will live on in the hands of its dedicated users.

We are thrilled to give the code to the community. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level.

The Sandboxie user base represents some of the most passionate, forward thinking, and knowledgeable members of the security community, and we hope this announcement will spawn a fresh wave of ideas and use cases.

For more details, and to download the open source release, visit https://www.sandboxie.com/.

Net Universe offers all Sophos devices and subscriptions, as well as consultant services, with worldwide delivery services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/sophos.

Don’t let fleeceware sneak into your iPhone – Sophos News

Since we began writing last year about the consumer-hostile trend in mobile apps that we’re calling fleeceware, the number of apps we’ve discovered that engage in this practice has only increased. In the first two articles we wrote about fleeceware, we covered various Android apps in the official Play Store charging very high subscriptions for apps of questionable quality or utility.

In this latest round of research, we found more than 30 apps we consider fleeceware in Apple’s official App Store.

Many of these apps charge subscription rates like $30 per month or $9 per week after a 3- or 7-day trial period. If someone kept paying that subscription for a year, it would cost $360 or $468, respectively. For an app.

Like we have seen before, most of these fleeceware apps are image editors, horoscope/fortune telling/palm readers, QR code/barcode scanners, and face filter apps for adding silly tweaks to selfies.

Many of these apps lack any extraordinary features that aren’t already present in many other apps, including truly free apps. It’s debatable that the apps provide “ongoing value to the customer,” as required in Apple’s App Store Review Guidelines for app subscriptions, section 3.1.2(a).

When “free” isn’t really free

Many of the fleeceware apps we see are advertised within the App Store as “free” apps, which puts the apps at odds with section 2.3.2 of the App Store Review Guidelines, which requires developers to make sure their “app description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases.”

If you think one of these apps is free and install it, the app presents you with a “free trial” notification immediately upon launching the app for the first time. This notification prompts the user to provide payment card details. In some cases, most of the useful features of the app will only be usable if you sign up for the subscription. Some users may sign up to subscribe without reading the fine print, which includes the actual cost of the subscriptions.

Fleeceware in Top Grossing app charts

While the Apple App Store does not publish the number of downloads for any given app within the app’s listing in the store, the company does keep track of how much money apps make. Many of these fleeceware apps are listed among the top grossing apps, at the time of writing. It’s fair to say these apps are generating plenty of revenue for developers, of which Apple keeps a 30% cut during the first year.

The terms for a Lucky Life subscription displayed in a faint grey text

Zodiac Master Plus, one of the apps on our list of fleeceware, is listed as the 11th highest revenue-generating app. Another app, named Lucky Life – Future Seer, is earning more revenue than even the extremely popular Britbox, one of the UK’s most popular subscription streaming TV services.

Two of the apps earning the most revenue in the Lifestyle category use high-cost subscriptions

One third-party source estimates App Store revenue, which includes all types of purchases, to be $13 billion in 2018, just in the USA.

After one year, Apple gets 15% and the developer’s share increases to 85% of the subscription price.

Advertisements drive more people to fleeceware

If you find yourself wondering why users would even consider installing apps such as these, it’s probably thanks to advertising. These apps are advertised through various popular platforms, including in YouTube videos or on social media platforms like Instagram, TikTok, and even in ads that appear within other apps.

When users visit the app’s page in the App Store app, they’ll find a high number of five-star reviews. While we have no evidence that these are manipulated or artificially inflated reviews, that is another criterion by which the App Store may take action against developers. These advertisements offer a high return on investment, given the high subscription charges.

But not all the reviews are upbeat about these products. Here are a few examples of negative user reviews that illustrate how ads attract users to the apps.

Negative reviews and vulnerable users

These apps also have lots of negative, one-star reviews from users complaining about the challenge of canceling subscriptions and getting refunds, with many iPhone and iPad owners wondering aloud why apps that exhibit this type of behavior exist on Apple’s official App Store.

In one instance, a user posted a complaint about being charged £148 (about US$170) over a 5-month period, when his child accidentally subscribed to one of these apps, and he didn’t notice the subscription charges right away.

The negative reviews for some of these products are devastating.

Both iOS and Android face a fleeceware problem

Fleeceware is a problem on both the Android and iOS mobile platforms. The list below is representative of the fleeceware apps we’ve seen at the time of this writing. App publishers also have the ability to introduce new fleeceware apps by releasing new apps with the same subscription policies, or by converting a previously free app into fleeceware by changing the app’s profile in the App Store, though Apple developer policies prohibit this behavior.

Users should remain vigilant and carefully scrutinize the terms for purchasing or “subscribing” to apps promoted through in-app advertisements. If $30 a week seems like a lot to spend on astrology, a barcode reader, or an app that will show you what you’ll look like when you’re 80 years old, find another app.

How to cancel your subscriptions

If you have one of these fleeceware apps and want to change or cancel your subscription, please follow the instructions below.

iOS

This is how you can do it on an iPhone, as described on Apple’s support page.

  1. Open the Settings app.
  2. Tap your name, then tap Subscriptions.*
  3. Tap the subscription that you want to manage. Don’t see the subscription that you’re looking for?
  4. Choose a different subscription option, or tap Cancel Subscription. If you don’t see Cancel Subscription, the subscription is already canceled and won’t renew.

*If you don’t see “Subscriptions” in the Settings app, tap iTunes & App Store instead. Tap your Apple ID (which is usually your email address), then tap View Apple ID. Sign in, scroll down to Subscriptions, then tap Subscriptions.

iPhone showing where you can find subscriptions in Settings.

Android

Instructions for cancelling Android app subscriptions from Google’s Play Store support page:

On your Android phone or tablet, open the Play Store.

  1. Check if you’re signed in to the correct Google Account.
  2. Tap the hamburger menu icon (Menu), and then Subscriptions.
  3. Select the subscription you want to cancel.
  4. Tap Cancel subscription.
  5. Follow the instructions.

Fleeceware Apps List

App Name Weekly Monthly Yearly Rank* Download** Revenue**
Seer App:Face, Horoscope, Palm $7.99 $29.99 $79.99 #153 20k $20k
Selfie Art – Photo Editor £8.49 £24.49 £89.99 #14 500k $700k
Palmistry Decoder $8.99 $69.99 #23 300k $600k
Lucky Life – Future Seer $8.99 $24.99 $69.99 #40 200k $200k
Life Palmistry – AI Palm & Tag $7.99 $24.99 $79.99 #39 100k $200k
Picsjoy-Cartoon Effect Editor $7.99 $79.99 <5k
Aging seer – Faceapp,Horoscope $7.99 $8.99 $59.99 <5k
Face Aging Scan-AI Age Camera $8.99 $59.99 <5k
Face Reader – Horoscope Secret $2.99 $9.99 $59.99 <5k
Horoscope Secret $9.99 $29.99 $74.99 <5k
CIAO – Live Video Chat $19.99 $74.99 #66 60k $80k
Astro Time & Daily Horoscope $7.99 $19.99 $49.99 #106 20k $30k
Video Recorder / Reaction $2.99 $9.99 $49.99 <5k
Crazy Helium Funny Face Editor $4.99 $9.99 $49.99 #384 70k $7k
Banuba: Face Filters & Effects $7.99 $24.99 $79.99 #50 70k $100k
QR Code Reader – Scanner £8.99 £12.49 #444 <5k $40k
QR Code Reader & Barcode PRO $9.49 $47.99 #103 80k $90k
Max Volume Booster £9.99 £19.49 £48.99 #134 20k <$5k
Face Reading – Horoscope 2020 $4.99 $15.99 $69.99 <5k
Forecast Master 2019 £8.99 £19.99 #134 <5k $10k
mSpy Lite Phone Family Tracker $49.99/quarter $99.99 #3 1mil $700k
Fortunescope: Palm Reader 2019 $9.99 #876 80k $200k
Zodiac Master Plus – Palm Scan $8.99 $22.99 $83.99 #9 200k $500k
WonderKey-Cartoon Avatar Maker $7.99 $18.99 $79.99 #18 30k $60k
Avatar Creator – Cartoon Emoji $8.99 $67.99 #52 200k $100k
iMoji – Cartoon Avatar Emojis £7.99 £19.49 £87.99 #55 10k $20k
Life Insight-Palm & Animal Face $8.99 $22.99 $69.99 #26 400k $600k
Curiosity Lab-Fun Encyclopedia £7.99 £25.49 £87.99 #80 10k $9k
Quick Art: 1-Tap Photo Editor £7.99 £25.49 £87.99 #157 20k $8k
Astroline astrology, horoscope $8.99 $19.99 $49.99 #20 200k $300k
Celeb Twin – Who you look like $5.99 $19.99 $59.99 #682 <5k
My Replica – Celebrity Like Me £7.99 £19.99 £49.99 #56 90k $70k
TOTAL (estimated in USA) 3.5 Million (approx. 3,680,000) $4.5 Million (4,644,000)

* Highest ranking based on Sensor Tower Top Grossing iPhone Apps Category Rank history in their specific category between Dec 9-Mar 2 2020 in USA

**Sensor Tower data, worldwide, as of Jan 2020

Acknowledgement

Thanks to researcher Xinran Wu for his assistance with this post.


Staying safe in our physical and digital worlds

Most of our lives are now connected on the internet. We stay in touch with our loved ones, order food, talk to our doctors, do our banking — and now, many of us also work from home. 

We are all facing challenges we did not predict a few weeks ago. Never before has our society been more dependent on the internet, and never before have people been more vulnerable. Each individual is now exposed to more phishing attacks and we are seeing a new wave of cyber threats capitalizing on the fear surrounding the pandemic.

While hero first responders and doctors are fighting for lives attacked by a biological virus, the global IT security standards community is doing its best to protect us in the digital world. The human body and the internet are both amazing complex structures that will always be attacked, but we are resilient. 

Last year at Black Hat USA, the conference issued its annual 2019 Black Hat USA Attendee Survey, in which one question asked what cybersecurity technologies have been most effective for data security and privacy online. The response was clear: multi-factor authentication (MFA). MFA was the highest ranked security tool for protecting enterprise data, with 82% of respondents citing it as effective.

History has shown that if we come together and collaborate on solutions, we can invent cures. During the last decade, our team at Yubico has worked closely with internet giants and open standards bodies, and together we invented the best authentication solutions to prevent remote account takeovers: FIDO U2F, FIDO2 and WebAuthn. See the stats below, or read the full research here. 

For the past few weeks, most of the Yubico team has been working from home, but we have been fortunate to continue to serve our customers, partners and developer community around the world. Moving ahead, we are committed to helping make the world safer by continuing to contribute to open security standards, and providing free open source tools and support for technology that makes a difference. We will also continue to donate YubiKeys to non-profit organizations supporting a free open internet and free speech to safeguard security for the world at large.

Without doubt, the world is in a crisis. But no matter how difficult things get, there is often a way, and through these challenges we can boost our spirits and immune system if we find things that make us smile. A couple of weeks ago, the Yubico team made a short video to explain how FIDO authentication works, which made me smile. I hope it can do the same for you.

Stay healthy and safe. 

P.S. — If you want a dog to look at a computer screen, show cat videos. To learn more about how to secure your remote workers, tune in to any of our upcoming and on-demand webinars on BrightTALK.

Net Universe offers all Yubikeys with worldwide Delivery Services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/yubikey.