The industry watchdog has warned of a clampdown on rogue mobile apps that charge users without consent
The premium rate regulator (PhonepayPlus) has begun plans to clamp down on smartphone apps that are charging users without their knowledge or consent.
On Monday it published a ten-week consultation on its proposed guidance for app-based mobile payments. This will be an extension of its outcomes-based code of practice that came into force on 1 September.
Essentially, the consultation is with the telecoms and digital industries, and it aims to come up with the best ways to prevent apps from charging users without warning.
“PhonepayPlus has been following developments in the applications (‘apps’) market for some time,” said the regulator. “There can be no doubt that apps are revolutionising the way digital content is consumed and paid for in the UK.”
It also said that apps are a growing and important part of the UK’s digital economy.
“However, just as with any technological development, they can have their downsides. PhonepayPlus is working closely with many industry providers to understand developments in the apps market – both the opportunities and the threats,” it said.
PhonepayPlus told eWEEK Europe in an emailed statement that it had already taken action on apps which maliciously charge consumers without their knowledge or consent.
It cited the example of a ‘free battery saver’ app that contained malware that accessed the phone’s text message function, allowing texts to be automatically sent and received. Text messages were sent that subscribed consumers to a premium rate subscription service without the consumer’s knowledge or consent.
PhonepayPlus immediately shut down the service, and following a full investigation, imposed a fine of £135,000.
The other rogue mobile app also involved the Android platform.
The PhonepayPlus consultation is seeking to finalise a number of key recommendations to providers.
Its recommendations say that consumers’ consent to charge must be clear; that services operating on a ‘freemium’ model must make clear what is and is not free; and that consumers must be clearly informed of the price of any extra purchase options before they interact with the service.
Another recommendation is that where malware is found, PhonepayPlus may not consider any proof of consent, such as records of text messages or calls, to be robust enough evidence of a consumer’s consent.
It also recommended that stored applications must require that the password is re-entered every time the application is opened, as this helps prevent children purchasing digital goods.
Finally it said that ‘exchange rates’ and ‘expiry dates’ for virtual currencies must be clear.
“We know that the best regulation is one that works collaboratively with industry to pre-empt before problems occur that harm consumers and damage markets,” said Paul Whiteing, PhonepayPlus’ chief executive.
“We will not hesitate to use our robust sanctioning powers to drive out rogue providers who could damage a vital part of the UK’s growing and innovative digital and creative economies,” he added. “We ask all businesses involved in the digital market, and the provision of smartphones and apps, to work with us to ensure we retain consumer confidence in digital content.”
Last month a survey by Nielsen Smartphone Analytics revealed that Android smartphone users spend almost half their time using the same ten applications, despite there being more than 250,000 Android apps available on the Android Market.
And it seems that Android may be the most vulnerable platform, at least according to security researcher Privateer. It claimed that more than a dozen common Android apps leave mobile phones vulnerable to attack.
So said Riley Hassell, founder of Privateer Labs, who alerted Google but refused to publicly identify the apps for fear they would be targeted by criminals.