304 North Cardinal St.
Dorchester Center, MA 02124
Cybercriminals make fake apps that are harmful to users and their devices. They are made to look like legitimate apps, but they actually carry out malicious activity. This includes monitoring what you do, installing malware on your device, showing you annoying ads, and stealing your personal information.
There are many ways to spread fake apps. They can be hosted on fake app stores or app stores that aren’t official. Even though there are security measures in place, cybercriminals can use official app stores to spread fake apps.
A cybercriminal can sign up as a developer on any app store, download a legitimate app, and change it by adding malicious code. Then, they can put their fake app in the app store.
Google says it looks at all apps and developers, but malicious apps can still show up in the Google Play Store. Google is always getting rid of fake antivirus, browser, and game apps from the Play Store. Even though Apple’s App Store only lets in apps that have been checked out, it is said to sometimes still host fake apps. From the attackers’ point of view, mobile devices are great targets because their owners take them almost everywhere, they have information about their private lives on them, and infections are hard to stop or find.
Social engineering campaigns are sometimes used to spread fake apps. For example, scammers may send emails or SMS messages that look like they came from your bank, credit card company, or other brands in order to get people to download applications that will give away their data. Fake apps may sometimes pretend to be an Android update or a security update, but if you click on the links, your information could be stolen.
There are a lot of non-official app stores or third-party app stores. There have been more malicious apps on these than on Google Play or Apple’s App Store.
There are two main types of fake apps:
These are fake apps that imitate real ones. They might have a logo, screenshots, and art that look like the app they want to copy. The description may be stuffed with keywords that the average user might use when searching for the genuine version of the app. The name may sound like the original, but it may have one or two letters that are different.
Developers sometimes make their apps open source, which means that anyone can see and change the source code. It’s much easier to change an open-source app, for example by adding ads, than to make your own app from scratch. It isn’t illegal to do so (if an app is open source, people are free to modify it), but the added ads are annoying to the end user. These kinds of apps can be hard to spot.
While some may be harmless, fake apps are often dangerous. Some examples of fake apps are:
Ad bots:
Apps that have been repacked often come with ads that the free version doesn’t have. Your phone might also start showing ads that you didn’t expect.
When fake apps charge purchases to your phone bill without your permission, this is called billing fraud. These could include making collection phone calls, sending premium SMS messages, or buying apps from an app store.
The dangerous app secretly uses the phone to send spam, mine cryptocurrency, or do a DDoS (distributed denial of service) attack.
This can look like a lot of different things, but a typical example would be a fake app with hate speech or violent content.
Malicious downloaders:
These are dangerous apps that don’t have malicious code but still download other harmful apps onto your device without your permission.
A fake app might tell you to put in your login information or go to a website to do so (or infect you via that website). Then, criminals steal your login information and use it for bad things.
The goal of privilege escalation apps is to gain more privileges than an app on your device should be allowed. This gives them elevated access or lets them stop core security functions from working.
Some fake apps can be used to put ransomware on your device. Because of this, your data becomes encrypted and can no longer be read. Hackers will ask you for money to let you back into your data.
Rooting apps contain code that roots the device, typically known as jailbreaking. Not all rooting apps are bad, and legitimate apps can root your device, but they need your permission and don’t do anything bad to your device.
Spam apps are made with code that will send unwanted messages to your contacts or use your device to send spam emails.
Spyware apps send information about you to other people without your permission. Text messages, call logs, contact lists, email records, photos, browser history, GPS location, and data from other apps on your device could be among the data that is used against you.
Trojan apps are ones that look harmless, like a simple game, but actually do bad things in the background. They have a good part that lets the app work as it should and a bad part that is hidden, like sending expensive SMS messages from your device without your knowledge.
Check the reviews:
Be wary of an app with a low rating and a lot of complaints from users. But reviews that are all positive could also be a red flag since fake app makers often make fake reviews to get people to download their app. If the reviews sound too good to be true, go with your gut and find something else.
Look out for grammar mistakes:
Most of the time, developers of legitimate apps will make sure that their app descriptions don’t have any typos or other mistakes. If there are mistakes in the app’s description, you should be careful.
Check how many times the file has been downloaded:
Apps that are safe to use can be downloaded millions or even billions of times. If you see a popular app that has only been downloaded a few thousand times, it might be a fake.
Research the developer:
Just Google the developer’s name to find out more about them. This will give you a good idea of whether or not you can trust them. Sometimes, a fake app will have the same developer name as the real app, but one or two letters will be changed to make users think it is the real thing. Pay close attention to the details, especially if you have other reasons to be wary.
Check the release date:
When did the app first come out? If it has a recent date and a lot of downloads, it’s probably not real. This is because most legitimate apps with a lot of downloads have been out for a while.
Read the permissions agreement:
Before you get the app, you should read the permissions agreement. Fake apps often ask for additional authorizations that are not strictly necessary. Most people don’t read the fine print, so they might not notice this.
Check how often it’s updated:
If an app is updated too often, it could mean that there are a lot of security holes in it.
Look at the icon:
Some fake apps have icons that look like the icons of the real apps they try to copy. This is usually true of games that try to look like popular games. Look closely, and don’t let messed-up, low-quality copies of the real icons fool you.
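Several of the checks above can be expressed as a comparison between a store listing and the genuine app it resembles. The following is an added example, not code from this article: the `Listing` fields, the thresholds (a 1000x download gap, 30 days, one million downloads) and the sample listings are assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Listing:
    name: str
    developer: str
    downloads: int
    released: date
    permissions: frozenset

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, case-insensitive."""
    a, b = a.lower(), b.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def near_miss(candidate: str, genuine: str) -> bool:
    """True when the strings differ by only one or two letters."""
    return 0 < edit_distance(candidate, genuine) <= 2

def red_flags(listing, genuine, today, new_days=30, busy=1_000_000):
    """Return the checklist items a listing trips (thresholds are assumptions)."""
    flags = []
    if near_miss(listing.name, genuine.name):
        flags.append("name differs from the genuine app by one or two letters")
    if near_miss(listing.developer, genuine.developer):
        flags.append("developer name differs by one or two letters")
    if listing.downloads * 1000 < genuine.downloads:
        flags.append("far fewer downloads than the genuine app")
    if (today - listing.released).days < new_days and listing.downloads >= busy:
        flags.append("very recent release with a high download count")
    extra = sorted(listing.permissions - genuine.permissions)
    if extra:
        flags.append("requests permissions the genuine app does not: " + ", ".join(extra))
    return flags

# Constructed sample listings (not real store data).
GENUINE = Listing("PhotoNote", "Example Labs", 50_000_000, date(2016, 3, 1),
                  frozenset({"CAMERA", "READ_MEDIA_IMAGES"}))
SUSPECT = Listing("PhotoNotte", "Exampel Labs", 4_000, date(2024, 5, 20),
                  frozenset({"CAMERA", "READ_MEDIA_IMAGES", "SEND_SMS", "READ_CONTACTS"}))

if __name__ == "__main__":
    for flag in red_flags(SUSPECT, GENUINE, today=date(2024, 6, 1)):
        print("-", flag)
```

A listing that trips none of these checks is not proven safe; the flags only mark listings that deserve a closer look before installing.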
Protect yourself if you find a fake app on your phone by:
Other steps you can take to protect yourself from fake apps include: