A new scam has been discovered by mobile security researchers to have been masquerading as an Android app that promises to find out owners of phone numbers.
The scam was flagged by cybersecurity researchers from Avast led by Nikolaos Chrysaidos. In his twitter account, Chrysaidos detailed that an app by the name of Number Finder, is advertising a free trial for its services that could track the owner of a specific phone number, instead of doing that, as the researcher has said, it is a scam.
“Number Finder application & a subscription scam on “6th Top Grossing” in @GooglePlay. Free 3 days trial and 16$/month after. One (1+) million installations (!),” Chrysiados said on Twitter. “Subscription scams have been trending for a while now in both app stores – Google and Apple,” he added. “Users should be careful using apps that require a subscription to use the basic functionality.” He said consumers should also be skeptical of apps with high monthly subscription rates.
Understandably, people would want to know the identities of unknown callers and Number Finder, published by developer POZTechnology, knows that the market demands for it. It has been downloaded more than one million times, while the collective downloads of applications posted by the developer are more than 11 million.
The app promises users that they can discover the identity of an unknown caller for a fee. As part of its “marketing strategy,” the app is offering a free 3-day trial after which the service will be billed for $16 per month.
This is where the scam takes place. “Using sneaky techniques to push the user to try the “free trial.” Put a random number, and always there will be “1 person linked to this number,” the researcher wrote on Twitter.
As part of its MO, the app offers two options for users: either they pay for the service monthly, or they search for a number’s owner which they promise always to be able to track one identity per number. But the identity of whoever owns the number will only be revealed if the user decides to subscribe to the service.
“If the user enters a number to test this, whether valid or fake, Number Finder displays the same message claiming one person is linked to that number. This appears to be a dishonest attempt to convince the user to subscribe to the service to find out whose number it is,” wrote Avast in a blog post.
To test the hypothesis of Chrysiados, Avast tried to key in numbers that they are sure to be not active and they discovered that Number Finder would nonetheless display that there is one identity linked to the bogus test numbers.
“This number is identified by one people. Get a free-started subscription to see all results unlimitedly,” reads the prompt in the app.
Numerous reviews in the Google Play Store have revealed that the people have been experiencing failure of service right after they subscribed.
One review said that she only subscribed to the app’s service to do a review and found out that “this app is trashy as hell and a scummy marketing gimmick.” Another user reported that the app prompted the same message saying that one person is matched with the number, but it turns out that no one is matched after subscribing to the feature.
Reviewers also reported that after installing the app and subscribing to its free trial, for some reasons, their WhatsApp history and contacts were wiped up. It is still unclear if the app causes the incident, or it is a different issue.
Furthermore, claims of charging people for subscribing to a supposedly “free trial” were also made. Devyani Mishra left a review saying that: “When I subscribed, immediately 990 rupees has been charged, don’t know why… as per their policy, they didn’t charge any amount in 3 days in the trial period.”
Other reviews have called the app a “money-making platform” and “absolute garbage.”
Avast has escalated the issue to Google’s anti-malware team and warned users to be vigilant in subscription services that they subscribed to.
“To avoid falling victim to scams such as this, Avast recommends that users always check the reviews and ratings of applications on both Google Play and Apple’s App Store before downloading them,” they wrote.