Apps are so easy – as soon as you need something, you're virtually guaranteed to find an app for it online. But what if that new dating app or language training tool isn't what it seems? Not all apps are harmless. There are a number of fake apps residing on official stores, and they aren't always easy to identify.
Fake apps are designed to trick users into believing they are legitimate applications so they can do their dirty job. The intentions might vary. Some fake Android apps will show you annoying ads, while others might monitor your activity, install malware, and steal personal information. They typically fall into three categories:
If you type “calculator” in the search bar on Google Play, you will see endless results. Doesn’t this make you wonder why there are so many of them? The short answer is that some Android apps are malicious. Fake apps can reside for months on Google Play or the App Store before they get removed.
Big international companies like Facebook or Twitter have dedicated teams that chase fake apps across the internet and get rid of them. However, start-ups or smaller companies rarely have the resources to afford such a luxury.
Chingari is one such unfortunate company. This successful Indian short video app has dozens of counterfeits on Google Play, and some of them have been downloaded thousands of times. The developers of Chingari have reported the issue to Google multiple times, but not much has changed, as new copycats keep appearing.
Check the reviews. If the app rating is low, and many users complain about the service, it’s a red flag. But you should also beware of positive reviews, as some of them can be fake. Always take them with a big dose of skepticism.
Look for grammar mistakes. App creators usually polish their descriptions to perfection. If you spot any grammar mistakes or typographical errors, it’s reason enough to raise an eyebrow.
Check the number of downloads. Legitimate Android apps have millions or even billions of downloads. If you see a popular app with only several thousand downloads, it’s most likely a counterfeit.
Research the developers. Always check the developers’ reputation and see what other products they have released. Imposters sometimes use the same name as the original app creator’s, changing only one or two letters. If you don’t read every syllable thoroughly, it can be hard to spot the difference.
Be cautious about images and screenshots. Malicious apps might use low-quality illustrations or photoshopped images. Check if everything looks professional. If it doesn’t, the application might be fake.
Review permissions. If everything looks good and you decide to download the app, take the time to review the permissions it’s asking. A flashlight wishing to access your contacts or a calculator asking for access to your gallery might be a warning sign. You can also check the app permissions in your phone’s settings and see if the apps you have installed before can’t access more than they need.
While Google claims that it reviews all the apps and developers, thousands of malicious ones still sneak into the store. Every couple of months, a new case with a list of fake Android apps pops up in the news until the next scandal.
Estimates say that in 2019 there were 25,647 blacklisted apps on Google Play, which was a huge drop from 108,770 apps in 2018.
Apple’s App Store is considered to be a safer place, and their developers’ verification process is much stricter. However, it still contains fake apps.
There are many other platforms that host mobile apps, such as 9Game, Huawei's Vmall app store, Qihoo 360's Zhushou store, and Xiaomi’s app store, with an even higher concentration of malicious apps than that on Google Play.
Banking. Estimates say that 75% of Americans use banking or payment applications, making them an appealing target for hackers. As more people are shifting to digital currency, there will be more fake apps for Android and iOS roaming in the wild.
COVID-19. With the rise of the pandemic, developers started creating apps to track the spread of the virus, and with that also surged the number of malicious apps. As for now, Apple is rejecting any COVID-19-related software unless it comes from the government or a recognized health organization. Google has implemented similar measures.
Games. Hackers love games. In 2016, when Pokémon Go was released, online stores were flooded with its counterfeits and “playing guides”. One of those “guides” was downloaded by more than 500,000 people, whose devices eventually got injected with malware.
Updates. We all occasionally receive update reminders, and most of us don’t pay much attention to them. In 2019, an Android app called “Updates for Samsung” appeared on Google Play, promising updates for any Samsung device in any region. However, when you started downloading the “updates”, the app would redirect you to a payment website, offering to purchase a subscription. Many people fell for the scam, and the fake update app was downloaded 10 million times.