Fake apps: what you see is not what you get

Apps are undoubtedly one of the greatest inventions that make our lives easier and more convenient. The widespread “there’s an app for that” belief brought a new frontier: fake apps. Unfortunately, the official app stores aren’t security-foolproof, and you can unwittingly download fake apps from there. Hence, it’s worth looking twice before you hit the installation button. Here’s why.

What are fake apps?

Fake apps are the ones that closely mimic legitimate applications and provide proper functionalities while hiding malicious intents. They copy the appearance and features of authentic apps to trick unsuspecting users into downloading them. Some of the fake apps perform benign activities, such as serving annoying ads and banners. But some of them pose far more severe threats.

There are fake apps that can read and steal your private information, like contacts, messages, storage, and camera. More invasive apps can even harvest your financial logins or divert your transactions toward illegitimate accounts. They can also use your device to carry out a DDoS attack on a server. According to statistics of 2019, there were as many as 65,000 fake apps present in different app stores. Surprisingly, the majority of them belong to the world-leading app store providers. Even fake VPNs can appear for the sake of tricking users into downloading unsafe programs.

How do fake apps reach your device?

Given the goal, cybercriminals use different ways of building and deploying fake apps. One of the techniques is to create fake apps for famous brands that don’t have applications on their own. For instance, an app masquerading as MyEtherWallet made its way to the top of the App Store charts. Until noticed, the faker rose to 3rd place in the Finance category.

Another common strategy to distribute fake apps is to clone authentic apps and integrate malicious codes into them. Unfortunately, not all of the apps available on official app stores are secure. Threat actors take advantage of apps’ vulnerabilities to reverse-engineer them. After that, the cloned application looks and functions exactly like the original one. At the same time, it performs malicious activities. Therefore, without the need to develop a new app from scratch, the criminal simply uploads it on the app store.

But how can fake apps distribute through the world’s most trusted official app store providers? Well, Apple App Store and Google Play Store do have stringent standards and vetting processes for developers submitting apps. However, cybercriminals still find their ways to slip in and get millions of downloads before getting caught. For instance, over a million users unwittingly installed an app masquerading as WhatsApp until Google discovered it.

How to spot fake apps?

1. Download apps from official stores only. Indeed, the security of Google, Apple, and other authorized stores is not 100% foolproof. However, imagine unknown third-party sources where apps don’t have to go through vetting check-ups to comply with particular standards. Third-party platforms are the real open ground for hackers to compromise your phone.
2. Check the app’s description. If the app’s description contains spelling mistakes or grammatical errors, it’s likely a faker. You should sense if the description sounds unnaturally robotic, rather than professionally clear.
3. Check the app’s reviews. Thoroughly check all the comments or complaints about apps. If someone complains about getting too many ads and annoying pop-ups within the app, it’s a huge red flag. If there aren’t any user reviews, chances are, it belongs to the fake apps category.
4. Check the number of installments. If an app of a popular service, like Facebook or WhatsApp, has unusually low download stats, it’s most likely one of the fake apps. Unless the service is less popular, and the number of app installments and positive reviews are high, you’re safe to download it.
5. Use reputable antivirus software. In case you unknowingly download malicious software, an antivirus will inform you about the threat right at the time.
6. Use a Virtual Private Network. Even if you install fake apps, no one can steal your data after a VPN encrypts it. Furthermore, Atlas VPN’s feature SafeBrowse prevents you from entering malicious services and sites, so you wouldn’t unwittingly fall for deceptive offers.