UK regulator Phonepay Plus has fined a Russian company £50,000 for serious breaches of its code regarding premium-rate phone services.
The company, Connect Ltd, trading as SMSBill, created an application for Android phones that provided access to games.
When the application was installed, a text message was also sent from the phone to a premium-rate number.
The phone owner was then charged £10 for an auto-reply message.
On the sixth page of the terms and conditions presented when the application was downloaded was a notice that "charges of about £5" would be incurred.
The regulator has now said all affected customers must be refunded within the next three months.
"You have to read the small print and people never do," said Graham Cluley, senior technology consultant at Sophos.
"They were sneaky with the wording."
Sophos researcher Vanja Svajcer filmed the app downloading and saw the additional malware installing itself on the phone.
Pricing information
Phonepay Plus, which regulates services paid for by phone in the UK, said it had also received complaints from the public about the service.
"Complainants raised a number of concerns, including lack of pricing information and charging without consent," it said in its adjudication of the case.
It also found Connect Ltd had not registered with it, although this is not a legal requirement.
In addition to the fine and customer refunds, Connect Ltd must also submit any proposals for new premium-rate services to the regulator before launching them in the UK, Phonepay Plus said.
Spokeswoman Dr Shirley Dent added if the company failed to comply, Phonepay Plus could impose a larger fine or ban Connect Ltd from operating in the UK phone service market for up to five years.
"This was purely happening on Android phones," said Mr Cluley.
"There is a lot less that attacks iPhones because Apple is more rigorous in its vetting of apps. With Android, it's easy to install apps from elsewhere - that's one of it's selling points."
No comments:
Post a Comment