Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Doctor Web: How to deal with mobile subscriptions

April 10, 2017

WAP-click technology, which simplifies the process of subscribing mobile users to various chargeable services, has been around for years. As a result of its use by some network providers, users can lose money by accidentally subscribing to a service that they don’t want and that will be difficult for them to unsubscribe from. Doctor Web describes how you can protect yourself from unforeseen expenses related to WAP-click.

Services that organize access to paid content using WAP-click are provided by many network providers. They actively use numerous partner programs that allow website owners to monetize mobile traffic. For example, MegaFon announced a new WAP-click technology in 2012. The provider marketed it as a service “that allows MegaFon subscribers to purchase audio, video and graphic files under a simplified procedure on websites belonging to the company’s partners and to use services that do not require loading”.

screenshot #drweb

This technology is simple: a mobile web user is redirected to a webpage containing a message advising them that they must pay to access the requested content. The webpage is equipped with a button that subscribes the user to the paid service when they click on it.

screenshot #drweb
screenshot #drweb screenshot #drweb
screenshot #drweb screenshot #drweb
screenshot #drweb screenshot #drweb
One of the screenshots is borrowed from appleinsider.ru material

Soon this service became a matter of discussion both among users and on the pages of online media: in particular, WAP-click has been mentioned by VC.RU, Apple Insider and many others. One of the users even prepared a petition, demanding that network providers ensure that paid subscriptions are confirmed via SMS.

And, the subscription is available for all of the users in the mobile provider’s network. Owners of USB modems have also fallen victim to unauthorized subscriptions and search for solutions to this problem on their own: some of the solutions are described in detail on such websites as http://vsyako.blogspot.ru/2014/06/podpiski.html and https://антиподписки.рф. For Windows users, one of the suggested methods of combating paid subscriptions is by making the corresponding changes in the hosts file. Initially the recommendations suggested limiting access to wap.megafonpro.ru, the website through which subscriptions are processed. Perhaps, this method was effective for a while, but later it was discovered that MegaFon owns a number of other domains with the same functionality:

IpHostnsorgdate
83.149.0.245(wap.)megafonpro.runs1.misp.ruPJSC "MegaFon"2004-02-25T21:00:00Z
83.149.0.245podpiskipro.runs1.nwgsm.ru PJSC "MegaFon"2014-02-25T07:24:40Z
83.149.0.245iclickpro.runs1.nwgsm.ru PJSC "MegaFon"2015-02-17T13:45:14Z
31.173.34.226moy-m-portal.runs1.misp.ru North-West Branch of PJSC "MegaFon"2016-04-07T15:00:38Z
31.173.34.226propodpiski.runs1.misp.ru North-West Branch of PJSC "MegaFon"2016-05-10T11:39:21Z
31.173.34.227mfprovas.runs1.misp.ru North-West Branch of PJSC "MegaFon"2016-05-10T11:39:22Z
31.173.34.227vasmfpro.runs1.misp.ru North-West Branch of PJSC "MegaFon"2016-05-10T11:39:22Z
31.173.34.227propodpiskimf.runs1.misp.ru North-West Branch of PJSC "MegaFon"2016-05-10T11:39:23Z
31.173.34.227promfvas.runs1.misp.ru North-West Branch of PJSC "MegaFon"2016-05-10T11:39:23Z
31.173.34.227vasmpro.runs1.misp.ru North-West Branch of PJSC "MegaFon"2016-05-10T11:39:24Z

Let’s review a real example of WAP-click technology at work. Doctor Web specialists conducted an experiment that reflects their experience using MegaFon’s mobile Internet. Let’s assume that on the eve of the summer growing season a user intends to plant onions in their vegetable garden. Naturally, the best way to do this is according to the instructions our gardener found via a Google search. The search request “how and when to plant onions” pulled up a link that seemed to meet the user’s needs.

screenshot #drweb

A special script is embedded in the HTML code of the website the link leads to. This script identifies the user’s network provider. In our example, all the following actions are performed only for MegaFon subscribers.

When attempting to go to this web resource, a chain of automatic redirections is executed. It consists of at least 5-7 intermediates. This chain ends on an online subscription site belonging to MegaFon, according to data provided by WHOIS.

Information on the subscription service page clearly warns that the user must pay 30 rubles per day to access the website they need. The payment to view the web resource is explained by the presence of “articles and news intended for personal use”. However, in some cases, for example, on devices with high-screen resolution (a tablet or computer with a connected USB modem), this important warning becomes less noticeable. The visitor may simply miss this text in small print.

screenshot #drweb
screenshot #drweb

Even if the user agrees to the proposed terms and conditions, they will not see information on onions anyway. After clicking the subscription button, they will be redirected to infonews24.ru via another chain of redirections. This web resource belongs to LLC Informpartnyor (http://informpartner.com). The user will then receive an SMS notifying them that they subscribed to the paid service successfully. It’s worth noting as an aside that owners of USB modems that don’t support SMS notifications will not get a message telling them they have successfully signed up for a service—they will only find out about it when they get the bill from their network provider.

screenshot #drweb screenshot #drweb

From the moment the subscription button is clicked, the user’s account is charged 30 rubles daily, even if they have not visited the paid website, used the Internet or even turned on the phone.

screenshot #drweb

It is not that easy to unsubscribe from paid access to web resources. For several days, our specialists sent USSD requests from a mobile device in order to determine the presence of paid content services. However, the SMS replies from MegaFon stated that the given subscriber number had no active subscriptions.

screenshot #drweb

We have observed the exact same result in the “Dashboard” of a MegaFon user, regardless of whether we logged in with a mobile device or via a desktop, and on the special website http://podpiski.megafon.ru: no mention was made about paid access to web resources. In our case, subscription information appeared in the “Dashboard” only several days later. In the interim period, the subscription fee was charged daily.

screenshot #drweb

MegaFon itself offers its users a special content account designed specifically for the debiting of subscription payments. This account eliminates any chance of spending money from the user’s main account. To get this free service, users must contact the technical support service or visit the provider’s office.

There is also an alternative method of avoiding WAP-click subscriptions—MegaFon suggests sending the special request “УСТЗАПРЕТ1” (“USTZAPRET1”) to its service number. However, it should be noted that this ban on subscriptions is valid only for 90 days, after which a MegaFon user can once again accidentally subscribe to some paid service.

screenshot #drweb

If you notice that funds are regularly being debited from your mobile account, you should absolutely check whether you are being charged for any paid subscriptions. It is also recommended that you connect a content account in order to keep the funds in your main account with the mobile network provider secure. Doctor Web advises you to be alert when using mobile Internet, and in case you discover you have accidentally subscribed to some paid services, it is recommended that you cancel them as soon as possible—on your own or by contacting your network provider’s support service.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040