App Store Unauthorized Charges Scam — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: HIGH
Beware of the App Store Unauthorized Charges Scam in India 2026: Protect Your UPI and Wallets
Unauthorized app subscriptions and charges on your phone bills or UPI accounts are rising sharply in India. This App Store Unauthorized Charges Scam targets your phone’s payment methods, quietly stealing money while you think an app is free.
What Is the App Store Unauthorized Charges Scam?
This scam tricks users—especially young Indians like students and teenagers—into downloading apps on the Apple App Store or Google Play that appear free but secretly charge unauthorized fees. These apps often use popular gaming or social media themes with attractive, colorful icons to lure young users. Scammers post fake positive reviews to build trust and encourage downloads.
Once installed, these apps request wide-ranging permissions, sometimes buried in fine print or terms. Users unknowingly accept automatic subscription models or link their UPI payment options or saved debit/credit cards. That gives scammers ongoing access to withdraw funds without direct approval. In India, where UPI transactions have surged to trillions of rupees annually, this vulnerability is a major concern.
The scam is especially widespread among young users who may not understand the legal jargon or closely monitor their digital transactions. Recent advisories from the Indian Computer Emergency Response Team (CERT-In) and the RBI emphasize protecting digital wallets and being cautious about app permissions. The Ministry of Home Affairs' Indian Cyber Crime Coordination Centre (I4C) has also reported a sharp increase in complaints about unknown app charges in 2025 and 2026.
How This Scam Works — Step by Step
1. Discovering the Victim: Scammers promote seemingly free games or social apps through ads on social media platforms like Instagram or WhatsApp forwards.
2. Downloading the App: The user, often a minor or young adult, downloads the app from Google Play or the Apple App Store, enticed by the flashy icon or popular game theme.
3. Granting Permissions: On opening the app for the first time, the victim sees permission pop-ups requesting access to storage, contacts, or payment methods. Sometimes, users are asked to accept “terms of service” embedded with automatic subscription clauses.
4. Automatic Subscriptions Activate: Without realizing it, the user agrees to recurring payments linked to their UPI ID or saved debit/credit card. Scammers set these subscriptions to charge small amounts that go unnoticed initially but add up quickly.
5. Unauthorized Charges Appear: Victims start noticing small deductions in their bank or UPI-linked accounts, ranging from ₹100 to ₹500 or more, sometimes multiple times in a day.
6. Attempting Refunds Fails: Victims contacting the app developers or stores receive generic messages or are ignored altogether. Because permissions and subscriptions were technically “agreed” to, banks and UPI apps like Google Pay or PhonePe find it difficult to reverse charges.
Real Warning Signs to Watch For
- Apps claiming to be free but asking for multiple permissions immediately after installation
- Unfamiliar subscription notices or pop-ups hidden inside “terms and conditions”
- Small but recurring deductions in your bank or UPI transactions labeled under app store vendor names
- Poor or unusually generic developer contact information on the app store listing
- Fake positive reviews with repetitive language or very few genuine user comments
- Apps that cannot be uninstalled easily or keep sending payment reminders
- Requests to store payment card information within the app rather than using official UPI apps
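The "small but recurring deductions" warning sign can be checked mechanically against a statement export. The Python sketch below is an added example, not part of the original advisory; the CSV column names, the sample rows and the app name are constructed assumptions, and the ₹100 to ₹500 band follows the range the article cites.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample statement export (not real data); column names are assumptions.
SAMPLE_CSV = """date,narration,amount_inr,type
2026-01-03,UPI/GOOGLE PLAY/FunBlocks Pro,199.00,DEBIT
2026-01-03,UPI/GOOGLE PLAY/FunBlocks Pro,199.00,DEBIT
2026-01-04,UPI/KIRANA STORE,340.00,DEBIT
2026-01-05,UPI/GOOGLE PLAY/FunBlocks Pro,199.00,DEBIT
2026-01-06,UPI/APPLE.COM/BILL,149.00,DEBIT
2026-01-07,SALARY CREDIT,25000.00,CREDIT
2026-01-09,UPI/ELECTRICITY BOARD,1450.00,DEBIT
"""

SMALL_MIN, SMALL_MAX = 100.0, 500.0  # band the article cites for unnoticed charges


def flag_recurring_small_debits(csv_text, min_hits=3):
    """Return {payee: [reasons]} for payees with repeated small debits."""
    by_payee = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        amount = float(row["amount_inr"])
        if row["type"].strip().upper() != "DEBIT":
            continue  # credits are not charges
        if not SMALL_MIN <= amount <= SMALL_MAX:
            continue  # outside the small-charge band
        payee = row["narration"].strip().upper()
        by_payee[payee].append((date.fromisoformat(row["date"]), amount))

    flagged = {}
    for payee, hits in by_payee.items():
        reasons = []
        per_day = defaultdict(int)
        for day, _ in hits:
            per_day[day] += 1
        if any(count > 1 for count in per_day.values()):
            reasons.append("multiple debits on one day")
        if len(hits) >= min_hits:
            total = sum(amount for _, amount in hits)
            reasons.append(f"{len(hits)} small debits, total Rs {total:.2f}")
        if reasons:
            flagged[payee] = reasons
    return flagged


if __name__ == "__main__":
    for payee, reasons in flag_recurring_small_debits(SAMPLE_CSV).items():
        print(payee, "->", "; ".join(reasons))
```

A single small debit to a known merchant is not flagged; only repetition on one day or across the statement is, which matches the pattern the warning sign describes.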
What Happens to Victims
Many victims face unexpected deductions from their savings or prepaid wallets used for daily UPI payments, causing financial distress. Parents often discover these charges after their children complain of missing funds or of being unable to play games.
The misuse of digital payment methods can also put Aadhaar-linked bank accounts at risk if SIM swap fraud occurs or OTP verification is intercepted. Victims may find it difficult to get refunds because these payments are processed as authorized subscriptions. The emotional impact includes stress, loss of trust in digital payments, and hesitation to use convenient services like UPI and mobile wallets.
What RBI and CERT-In Say
The Reserve Bank of India (RBI) has issued guidance warning users to carefully read subscription terms before granting permissions to apps. RBI’s Digital Banking Operations Department encourages users to regularly check their transaction statements and register complaints immediately upon noticing suspicious debits.
CERT-In advises installing apps only from trusted sources, reviewing app permissions, and keeping device security updated. The Indian Cyber Crime Coordination Centre (I4C) promotes awareness campaigns targeting underage users vulnerable to such scams.
If you spot unauthorized transactions, call the RBI helpline at +91-22-2657-8267 or the national cybercrime helpline 1930 to report incidents immediately.
How to Protect Yourself
- Download apps only from official developer pages or trusted brands. Avoid flashy unknown games or social apps promising freebies.
- Carefully check app permissions and reject those that seem unnecessary. Never grant payment-related access casually.
- Read subscription terms thoroughly before agreeing. Look for phrases like “automatic renewal” or “billing cycle.”
- Regularly monitor your UPI and bank accounts for small or suspicious deductions. Use apps like BHIM or your bank's official app.
- Avoid saving debit/credit card information within apps; prefer using UPI apps with secure two-factor authentication.
- Set transaction limits on your UPI account and enable alerts for every debit or payment.
- If an app asks for permission to send SMS or access contacts, be extra cautious—it could be an attempt to access OTPs or contacts for fraud.
What to Do If You’ve Been Targeted
- Immediately report the unauthorized transaction to your bank or UPI app customer care. Request a transaction reversal if possible.
- Contact your bank to freeze or block your debit/credit card and request a replacement to prevent further misuse.
- File a complaint on the Government of India’s cybercrime portal at cybercrime.gov.in with full transaction details and screenshots.
- Call the 1930 cybercrime helpline for assistance in understanding your rights and finding next steps.
- Report the suspicious app on Google Play or Apple App Store to get it removed and warn other users.
- If you suspect SIM swap or Aadhaar misuse, immediately inform your telecom operator and UIDAI.
Frequently Asked Questions
Q: Can my UPI PIN or card PIN be stolen by these apps?
A: Typically, these apps do not directly steal your PINs; instead they gain access through the permissions you grant and the terms you accept for automatic payments. Always safeguard your PIN by never entering it on unknown screens.
Q: Are banks liable for refunding unauthorized app store charges?
A: Banks review each case carefully. Refunds depend on whether the transaction was authorized as a subscription. Early reporting increases chances of reversal.
Q: How can I stop automatic subscription payments on my phone?
A: You can manage and cancel subscriptions via your Google Play or Apple App Store account settings under “Subscriptions.” Regularly review and cancel unused ones.
Your safety online depends on staying alert to scams like the App Store Unauthorized Charges Scam. Verify any suspicious message or app before clicking or agreeing at BharatSecure.app — India’s trusted platform to protect you from digital fraud.