How to Spot a Fake App – A Beginner’s Guide
As people find convenience in the use of smartphones, the number of users is increasing on a daily basis. Smartphones advance regularly and many apps and software are continually created for these devices. However, not every app is designed to give the user the experience he/she is looking for. The Apple App Store and Google Play use a number of security checks to spot and remove fake/harmful apps. But apparently, that’s not enough. There are times when imposter apps still make their way to the Store, which forces users to take matters into their own hands. These apps are dangerous to both your security and privacy. If you don’t want to be a victim of such software, follow this guide and learn how to spot fake apps.
Just because you saw an application on Google Play doesn’t mean that it is a legitimate app. Fake applications are everywhere and they’re used for all kinds of malicious acts, including data theft. That’s why users should learn how to spot them and protect themselves all the way.
Fake Applications 101
Fake applications have become a problem, be it on Google Play Store, iOS App Store, or any kind of store out there.
People create listings designed to resemble popular apps, often using the same icon and name, to trick users into getting/downloading them.
However, while they may look like the actual application, they’re definitely used for other deeds. We’ll be talking about that later on in the article.
Some creators offer services that are not available in one’s region or anywhere else, which makes it more tempting to get them.
For example, ESPN+’s application is only available in the US. A hacker or a fraudster might create an app that mimics ESPN+ and distribute it in other countries. (PS. This is just an example – no fake ESPN+ app has been found on any store).
That would definitely attract millions of users around the world. Such applications are more common on Google Play Store than they are on iOS. That’s because Google Play is open to anyone who poses as a developer, which leaves it vulnerable to cyber-attacks.
As mentioned, fake apps are everywhere, and according to McAfee, there are 65,000+ of them in multiple stores. Even Apple’s App Store wasn’t spared, as it detected 17 infected apps last year.
Users are To Blame!
The problem doesn’t lie only with the number of fake apps present in the app store. No, the users who download them are to blame as well. There are a lot of people who still cannot distinguish a fake app from a real one, which is why many fall victim to this attack.
A study by Avast showed that 50% of consumers cannot distinguish real apps from fake apps as the new levels of cybercrime sophistication are making it almost impossible to identify scams.
This was backed up by a study with the help of ABC News. Unsuspecting Android users downloaded bad apps a total of 4.2 million times, according to Google Play back in 2017.
Fake apps will always exist, there’s no way around it. However, there are always steps we can take to spot them and avoid drastic consequences in the process.
Why Are Fake Apps Created?
There’s a daunting question on everybody’s minds: Why do hackers and cybercriminals create such applications? Well, before we get to the “why”, let’s answer the “how” first.
They simply download a legit app, inject malicious code into it, and then re-upload it to Play Store. As simple as that. In fact, Google Play Store has had its fair share of such applications within its catalog.
Now let’s talk about the “why”? Most fake applications are used for stealing data or harboring other malicious code. To be frank, they’re used to make money by injecting ads in the device and capitalizing on it.
Not to mention that they can take over the device, ask for a ransom in exchange for giving back the access, or empty a user’s bank account without them even knowing about it.
Back in 2017, a new type of the BankBot Trojan invaded Google Play Store. It was found hidden in solitaire and flashlight apps, which are very popular among users.
Once installed, the malware targets banking apps on the device, and creates fake overlays on real banking apps, stealing bank usernames and passwords. All the big names were targets of this malware, including the likes of ING, Chase, HSBC, Citibank, and more.
Fake Apps – The Types of Malware
Now that we shed some light on the reasons for the existence of such apps, let’s dig deeper into the malware categories that are injected within them:
- Phishing: An app that is supposedly from a trustworthy source but sends user credentials to third parties. These credentials can include usernames and passwords for banking apps.
- Backdoor: It helps the attacker take over a user’s device and perform malicious acts without him/her even knowing about it.
- Commercial Spyware: One of the most common malware out there. It collects users’ activities and sends them to third parties without the user’s consent.
- DDoS: The device becomes a part of a DDoS attack without the user knowing about it. The mobile on which the app is installed will be used to send requests to overload a server and shut it down.
- Hostile Downloaders: Used to download malicious applications on the device without user consent.
- Billing fraud: Users will get an increased mobile phone bill as this malware sends premium SMS messages, purchases content using the phone bill, or calls premium numbers in the background.
- Ransomware: Another common practice where the attacker encrypts the target’s device and asks for a specific amount of money to decrypt it. Such payment is generally accepted in cryptocurrencies.
- Trojan: Malware hidden within an app that looks like a regular one, but in reality, it steals data and sends it to others in the background.
These are the common types of malware users will encounter when downloading fake apps. However, there are still a lot more and thanks to Google, we got everything we need to know in this report.
How to Spot a Fake App
There are several app stores to get applications from, and all of them have multiple security checks and scans in place. However, despite those, several counterfeit and malicious apps remain undetected, which poses a huge threat to users.
Now, our readers know what fake apps are and what they’re used for. It’s time to show them how they can spot one using several methods:
Scan the Page with a Keen Eye
The logo might be perfectly done, which may fool a lot of people into downloading the fake app. However, if they look closely, they might find a single slip up by the creator, which might save them a lot of issues later on when the app is downloaded.
Mistakes are bound to happen, and when the fraudster is hell-bent on making the app look exactly like the original, he will definitely screw up in other departments.
Here’s where the user’s part comes in. Whenever they select an app, they have to read and check everything. There has to be something wrong with the app’s page. They have to look out for the following:
- App’s Name: Take a look at the app’s name. It might be misspelled, which gives you an idea about whether the app is fake or not.
- Description: Read the description well. You’ll notice if it’s well-written or poorly done. Fake apps mostly come with misspelled words, or read as if the description was generated by a bot. Also, legitimate developers take the time to describe the app well to give a better idea about what they’re offering.
- Screenshots: If the description method wasn’t enough, you can turn to the screenshots used. These photos represent what the user would expect from the application itself – the interface. Take a closer look at them; fake apps tend to use Photoshop or add taglines that are not often used by the original developer.
- Publish Date: Most fake apps have a recent publish date, whereas a genuine app will have an “updated on” date.
- Tags: When downloading an app, check for tags like “Editor’s Choice” and “Top Developer.” These are less likely to be duplicate apps.
- App Icon: Whenever you search for the app, there’s a possibility that you’ll get several ones that go by the same name and have the same logo. A while ago, researchers discovered several fake apps in India mimicking the legitimate Aarogya Setu app. The replica was imperfect as the icon appears stretched as opposed to the legit one.
We have to keep stating that smartphone users have to be cautious of downloading fake apps that can potentially harm them in many ways. What we mentioned above is very important and it only takes a few minutes to check them out.
Check the Developer and Beware of Shady Deals
They’re called fake for a reason as they mimic the original or legitimate app to attract users to download them. As mentioned, these applications can unashamedly take on the original app’s logo.
However, one thing they might fail to fake is the developer’s name. In fact, this is one of the easiest ways to determine if the app is legit or not. For example, a while ago, an app on Google Play attempted to mimic the Avast application.
The fake Avast app’s sole purpose is to shove ads into the user’s face. It doesn’t necessarily have to have a meaningful function. Now, ads can seem like a small threat, but in reality, they’re not.
This shows that the app is collecting user information and bombarding them with ads to gain profit on their end. That’s just the best-case scenario. What’s worse is that there’s no telling what other nefarious deeds could be lying beneath the surface.
So, to be frank, before anyone downloads an app, they have to check the developer. We took Avast as an example, and here it is on Google Play Store:
As seen in the image above, the developer of this app is DevTech Inc, which is definitely not Avast. Moreover, the legit Avast application would never ask for a phone number, nor does it give away iPhone X in the process.
That’s what we call shady discounts and deals. Fraudsters will often try to convince anyone to download their fake app by offering attractive discounts or make it look like they’re paying so much less for a lot in return. Rest assured, very rarely are these from authentic sources. Don’t fall for that.
Take a Look at the Number of Downloads
We included this section after the Developer’s one for a reason. We’ll get to that in a moment, but first, let’s explain this. The number of downloads is an important factor to determine whether the app is legit or not.
Most popular applications have millions of downloads, while fake ones only garner a couple of thousand. However, if the original application is strong, and the fraudster who created the fake one is very good at what he does, downloads will increase.
No matter how many downloads the app gets, it will never keep up with its original counterparts. For example, a while ago, a fake WhatsApp application appeared on Google Play Store. It goes by the name of “Update WhatsApp Messenger.”
Shockingly, this application garnered more than 1 million downloads, despite the fact that it’s fake.
Compared to the original WhatsApp, 1 million downloads is nothing as it has more than 5 billion downloads on Google Play Store. So, everybody has to know that this one is fake.
If we take a look at the first image, we can see that the fake app has a Google Play page with the same look as the real Facebook-owned WhatsApp. This brings us to why we included this section here.
The developer’s name is the same, which raises some questions. This is probably due to the fact that the fraudster who created the app added a couple of invisible characters after “Inc.” As a result, it fooled Google’s “machine intelligence” app screener.
It’s apparent that Google can be tricked. However, thanks to the number of downloads, the fake WhatsApp messenger and other fake apps can be easily spotted.
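The developer-name check from the last two sections can be automated. The following is an added example, not code from Google or from this guide's authors: it lists characters in a developer name that render as nothing and compares the name, as a person would see it, with the known publisher. The publisher string, the sample names and the choice of U+200B as the hidden character are constructed for illustration.

```python
import unicodedata


def invisible_chars(name):
    """List (index, codepoint, unicode name) of characters that render as nothing."""
    found = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        # Cf = format chars (zero-width space/joiner, BOM), Cc = control chars,
        # Zs/Zl/Zp = separators other than the ordinary ASCII space.
        if cat in ("Cf", "Cc", "Zl", "Zp") or (cat == "Zs" and ch != " "):
            found.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return found


def canonical(name):
    """Reduce a name to what a person actually sees on the store page."""
    kept = []
    for ch in unicodedata.normalize("NFKC", name):
        if ch.isspace():
            kept.append(" ")
        elif unicodedata.category(ch) not in ("Cf", "Cc"):
            kept.append(ch)
    return " ".join("".join(kept).casefold().split())


def check_developer(listed, official):
    """Return (verdict, hidden characters) for a listing's developer name."""
    hidden = invisible_chars(listed)
    if listed == official:
        return "match", hidden
    if canonical(listed) == canonical(official):
        # Same on screen, different underlying string: the trick described above.
        return "lookalike", hidden
    return "different", hidden


# Constructed sample values (not taken from real store data).
OFFICIAL = "WhatsApp Inc."
SAMPLES = ["WhatsApp Inc.", "WhatsApp Inc.\u200b\u200b",
           "WhatsApp\u00a0Inc.", "DevTech Inc"]

if __name__ == "__main__":
    for dev in SAMPLES:
        verdict, hidden = check_developer(dev, OFFICIAL)
        print(f"{dev!r:32} {verdict:10} {hidden}")
```

A "lookalike" verdict is the one to act on: the name reads the same as the real publisher's but is a different string, so the listing belongs to someone else.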
Always Read the Reviews
Checking out what users have experienced with the app can help a lot in determining whether the app is real or not. Be extra careful and cautious if the application has several negative comments.
Look for reviews that mention experiencing problems with devices since downloading the app. This could mean that the app has infected them with malware.
We encountered an application we thought to be very interesting. Actually, we came across it in an ad on social media. The video seemed intriguing as users can point their camera at a certain text, and the app will translate it to a selected language.
Well, it didn’t do that, and it required a subscription to try premium features, despite stating that it has a 7-day free trial. Moreover, many users complained that the app is withdrawing money from their account without them even signing up for the service. Not to mention that it bombarded us with ads all the time.
According to one user:
“Had to see an ad every time I clicked on something and it did not translate anything, gave up trying mainly because of endless ads coming up. Would have thought I could at least test this app on 1 thing without seeing 10 ads.”
Reviews are very important to check the app’s credibility. Also, users should scroll through the ratings. If the app has low ratings, it’s probably not good to use. These are essential things users should do before they install anything on their device, regardless of whether the app is fake or not.
Check Outside Sources
Checking app reviews is good to gain more information about it and see what other people have experienced with it. However, it’s not always reliable as some of these users aren’t that well versed in technology.
They’re just people who happened to download a certain app. Reddit users, on the other hand, are more credible. Those searching for answers can get a genuine, general consensus from a variety of people with varying amounts of experience.
Also, Reddit has a lot of developers that can indicate a flaw within an app. That’s why it’s very important to check such sources before getting to download the app on your device.
We already mentioned that there was a fake WhatsApp application on Google Play. Reddit users caught the app in the act and determined that it was a fake one.
According to a Reddit user:
“Yep, also confirmed by long-pressing the link in a browser. I’ve also installed the app and decompiled it. The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called “whatsapp.apk.” The app also tries to hide itself by not having a title and having a blank icon.”
Reddit, Quora, and the likes are excellent sources to check if an app is fake or not. Don’t hesitate to give them a look before you install it on your device. They can save you a lot of trouble.
What Can You Do To Protect Yourself?
Fake applications are not something to take lightly. They pose a real threat to your privacy behind the scenes as they steal all of the users’ personal info, tracking every move you make, or even worse.
Now, spotting a fake app is one thing, and protecting yourself from it is another. So, if you suspect that you’ve downloaded a fake application on your device, here’s what you need to do to shield yourself from any harm it may cause.
Install a Credible Antivirus
The use of spyware and other malware is increasing a lot nowadays. In fact, the US witnessed a 51% increase in this department during the COVID-19 pandemic lockdown.
Fake apps might be one of the main sources for such malware to infect a user’s device, which is why it has to be protected all the time. Now, despite the users’ efforts in identifying the app, reporting it, or even uninstalling it, extra precautions should be taken.
We’re referring to antivirus software, which will fend off any kind of infection that might harm a device. However, not just any antivirus app can get the job done. One should only invest in reputable applications such as Avast, Norton, McAfee, BitDefender, etc…
Avast alone has protected over 3,500 users from apps capable of spying, mostly stalkerware, which allows attackers to track the target’s location, access his/her personal photos and videos, intercept emails, texts, and messaging apps such as Facebook and WhatsApp.
In general, a robust antivirus software package is the main component to protect your device, be it PC, Mac, Android, or iOS. Shield yourself and don’t allow any unwanted malware to invade your device.
Uninstall/Report the Application
The best thing you can do to prevent the app from injecting your device with malware is to uninstall it the moment things get uncomfortable. However, finding a fake app and deleting it after knowing about it is not enough.
You also have to share your experience on the App Store. Not only that, but if you’re 100% sure about how malicious the app is, report it, and help other users in the process.
Whenever you find that there are any imitators or imposters of your apps, do the following to report them. The steps below represent what you should do on Android devices:
- Launch Google Play Store.
- Go to the detail page for the app you want to report.
- Select More followed by Flag as inappropriate.
- Choose a reason. In our case, it’s Copycat or Impersonation.
- Tap Submit.
For some reason, reporting an app on the iOS App Store is not possible anymore. In the past, users could select the “Report a Problem” option, but now, they’re only able to review the app.
Check the App’s Permissions
The app store won’t show you everything you need to determine if the app is safe or not. Sometimes, you’ll find that everything is good and you’ll decide to download the app.
However, before you do anything, take the time to review the permissions it asks for. If they make sense, you can carry on. If not and the app asks for access to more than it needs – you have to uninstall the app immediately.
For example, if you download a flashlight application and it asks to access your contacts, here’s where questions arise. Another example would be a calculator asking to access your gallery, which is also a warning sign that the app has some shady intentions.
If you happen to slip up with the process, head over to the phone’s settings and see what permissions you gave the app and disable them immediately. As a final act, remove the app from the device and get rid of any possible threat from the start.
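The same permission review can be done on an app file before it is ever installed. This is an added example, not part of the original guide: it reads the permissions declared in a decoded AndroidManifest.xml and lists the ones that fall outside what the app type plausibly needs. The baseline table, the reasons and the sample manifest are constructed assumptions, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for this example: what each kind of app plausibly needs.
EXPECTED = {
    "flashlight": {"android.permission.CAMERA"},  # the LED belongs to the camera
    "calculator": set(),
}

# Permissions that map to behaviours described in this guide.
REASONS = {
    "android.permission.READ_CONTACTS": "reads the contact list",
    "android.permission.READ_EXTERNAL_STORAGE": "reads photos and files (gallery)",
    "android.permission.SEND_SMS": "can send premium SMS (billing fraud)",
    "android.permission.CALL_PHONE": "can call premium numbers (billing fraud)",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw overlays on other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install further APKs",
}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def review(manifest_xml, app_type):
    """List (permission, reason) for every permission outside the baseline."""
    extra = requested_permissions(manifest_xml) - EXPECTED[app_type]
    return [(p, REASONS.get(p, "not needed for this kind of app"))
            for p in sorted(extra)]


# Constructed manifest for a hypothetical flashlight app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>
"""

if __name__ == "__main__":
    for perm, reason in review(SAMPLE_MANIFEST, "flashlight"):
        print(f"{perm}: {reason}")
```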
Install a VPN
Virtual Private Networks are a must when it comes to protecting one’s security and privacy. A VPN cloaks data from prying eyes and hackers using encryption technology. Credible VPNs use military-grade encryption that’s also used by the NSA to deliver sensitive information over the web.
256-bit AES encryption is the industry standard and the strongest in the industry now. It has a key length of 256 bits, which is practically unbreakable by brute force based on current computing power.
Once the data is encrypted, no one, including those who have infected your device, can spy on what you do. They won’t be able to read any of the information, sent or received, at all.
Also, a VPN cloaks a user’s IP address, which means no one can figure out any of your browsing activities or your physical location. As for malware protection, most VPNs aren’t the tools to protect you here.
However, some of them come with a malware blocker, which fends off any malicious software that might be targeting your device. Now, we have to state that, just like applications, not all VPNs are friendly.
While fake apps are fake, bad VPNs mostly come in the form of free ones. They tend to collect user data and sell them to sister companies in exchange for revenue.
That’s the only way they can pay for their servers. We all know that nothing is free, and we become the main product in the equation in the end.
How to Spot a Fake App – Final Words
Fake applications will always be a way for cybercriminals to get a hold of your devices and steal your personal data. As we mentioned, many of you guys cannot identify a fake app, which makes the hacker’s job even easier.
The best thing you can do is educate yourself and learn how to spot fake apps on your own. This guide has everything you need to know, along with ways to protect your device if any app was already installed. If you have any more questions, feel free to drop us a line or two in the comment section below.