Regulator PhonepayPlus has warned of rogue smartphone apps that charge people money without their knowledge.
On Monday, the regulator launched a consultation with the telecoms and digital industries on app-based mobile payments, in part to find the best way to mitigate the threat. It has already discovered two cases in which smartphone users incurred charges via premium text messages without being warned.
One case involved the Better Battery app, which PhonepayPlus identified as containing code that provided access to the handsets' text-messaging functionality, leading people to inadvertently sign up to a fee-based video service.
"It was clear that this coding was prompting the handset, without the knowledge or consent of the handset owner, to send a keyword to a chargeable shortcode, thereby initiating and subscribing the consumer into a separate premium-rate subscription service," PhonepayPlus said in a statement on Monday.
To successfully opt out of the service the user would have to delete the application from the handset, as well as send a message saying 'STOP'. The regulator said that the app did not make any attempt to inform users they were being subscribed to a premium-rate service, nor was the need to send the STOP message mentioned at any point in the Android permissions page.
In this instance, the regulator shut down the service and conducted an investigation, which resulted in it imposing a fine of £135,000. A second case concerning another app, Sexipix, ended in the suspension of the service and a fine of £30,000.
PhonepayPlus said malicious premium-rate apps are not restricted to any one mobile operating system but that it had not seen "much of a problem on the Apple platform".
"The problems have mainly been on Android and the other open-source platforms," a spokeswoman for the regulator told ZDNet UK. "We have had discussions with Google, and they are just as concerned as us about these developments — much of this activity breaches their terms and conditions too."
Consultation

The regulator released the information as part of a consultation with the telecoms and digital industries, intended to find a way of reducing the threat from rogue premium apps to smartphone owners, among other issues.
Among the recommendations put forward is that consumers' consent to charges must be clear and that 'freemium' apps should be more transparent about which parts of their service carry a cost. In particular, app sellers should provide full information on which features or extras are chargeable before someone interacts with the service.
The regulator also proposed that exchange rates and expiry dates of virtual currency should be clear to users. In addition, apps stored on handsets should require re-entry of the password to prevent unauthorised purchases, such as of virtual currency.
"As software applications revolutionise the way digital content is consumed and paid for in the UK, PhonepayPlus has worked closely with industry to understand developments in the apps market," the regulator said in a statement.
"Apps enrich the lives of millions of consumers and children and are an important part of the UK's digital economy," it added. "PhonepayPlus is taking positive action to ensure that rogue providers do not damage consumers' enjoyment of apps or harm the UK's growing digital creative economy."