You should always be wary of the applications that you download onto your phone. Although smartphones are typically less susceptible to viruses or malware than computers, there's still a chance that some malicious software could try to grab your money or sensitive, personal information without your knowledge. However, as we'll see within this article, it doesn't always take a virus to do so.

Though most third-party software and application developers can be trusted, producing content for genuine entertainment, utility or educational purposes, there are a select few out there that attempt to gain financially off the back of deceiving users. Recently, Google removed an application from their Play Store that attempted to do this very thing.

The offending application was called ‘Pingu Cleans Up’, a cartoon-themed game that would be highly-appealing to younger users. In part, this makes the attempted scam even more concerning, as it’s likely that younger users would’ve easily fallen victim to the scam; we explain how, below.

What was the scam?

When you launched the application for the first time on your smartphone, you would be asked to create a new game character, a penguin, using a three-step process. The first two steps were innocent enough, requiring you to choose from a number of optional character attributes, then hit a confirmation button. However, the third step was where the developers of this application attempted to deceive users.

In step three, you would see a window designed similarly to the first two, although the confirmation button was replaced with the word 'Subscribe'. Mindlessly tapping on the third button to fast-track through the menus would see you subscribe to a charge of €5.49 every week thereafter, using the credit or debit card attached to your Google Play account.

Were there any red flags?

Anybody caught out by the subscription scam might have found themselves asking whether there were any red flags that should’ve made it obvious what was going on. Though the design of this scam was reasonably clever, there were some indications that something was amiss:

  • The application had a large amount of negative consumer feedback on the Google Play Store, with comments specifically highlighting that they were being swindled out of money;
  • None of the 'Terms of Use' could be unchecked in any of the three steps throughout the ‘character creation process’. Had you clicked onto the terms, it likely would’ve highlighted the payments;
  • Although listed as a free application on the Play Store at the time, the third window specifically lists the type of card (‘MasterCard’ in this case) that would be charged.

The lesson to be learned from this example of devious software design is always to be wary of the applications that you download, and to be even more aware of what you're accepting whilst in an application. We've previously looked at news reports of viruses on iPhone that are disguised as genuine operating system login boxes, but are simply viruses masquerading as a legitimate prompt.

Of course, if you let your children use applications on your phone, they may not be so alert to this type of thing. We would recommend creating a secondary user account for the Google Play Store that has no credit card attached to it; this would also allow you to specify kid-friendly permissions.

Can the payments be stopped?

Anybody who didn't have a credit card designated as their payment method on their Google Play account would've been less susceptible to the scam. In these cases, the way that the third window was designed made it obvious that a payment method was required to be able to proceed.

Those with a card attached to their account were less fortunate. At the time that the application was still live on the Google Play Store, the payments could be stopped by unsubscribing from the application, though it wouldn’t always be immediately obvious that you were being debited unless you keep a close eye on your bank statements. However, as soon as Google removed the application from the Google Play Store, affected users no longer needed to manually cancel the subscription. At this point, all active subscriptions were cancelled automatically.

WiseGuys can provide advice

If you have previously downloaded this application and have concerns, or you have any more questions about this or similar phone-related viruses or potentially malicious applications, then you can seek more advice from WiseGuys by calling us on 0808 123 2820.