Just because an app is in the Google Play Store
doesn’t mean that it is a legitimate app. Google
is constantly removing fraudulent apps from the
Android marketplace, such as fake antivirus,
browsers, and games.
Besides Google Play and other app markets,
there are many other ways that fake apps can get
onto your Android device. Scammers will try any
means necessary to trick you into installing a
fake app. Criminals use emails and SMS messages
that appear to be from your bank, credit card
company or other brands to trick people into
downloading applications that will compromise
their data. Sometimes fake apps will pose as
security updates, and clicking on the links may
also lead to your information being stolen.
If you're an Android user and you receive an unexpected SMS, a strange
alert or notification, or unusual requests from what may seem to be
your bank or other familiar brand, beware: criminals may be trying
to rip you off.
Although fake apps that look legitimate can sneak into the official
app stores, there are typical warning signs to watch out for before
you download and install.
Check for typos - Before you click "get" or "install" on that
app, double-check the title and developer name for typos, however
small they may be. Remember the sneaky developers of the fake
WhatsApp app tweaked their developer ID ever so slightly to resemble
the real developer's name.
Check for bad grammar - Another blatant red flag is bad grammar.
Why? A good number of these fake apps appear to come from
non-English speaking Asian or Russian developers. Broken English in
the app's description is a typical indicator that it's fake.
Check the numbers - Always check the download stats. If an app
of a popular service like Facebook or WhatsApp has an unusually low
download figure, then it's most likely a fake app.
Check reviews - To some extent, you can read the user reviews on
an app too. Although fake reviews (both positive and negative) can
skew the rating of an app, user comments can still provide vital
information about it.
Superfluous permissions - Before you install an app, ANY app,
please check all the permissions it's asking for first. Fake apps
will bombard you with a long list of permission requests so they can
trick you into granting them more than what's required. For example,
if a simple camera app or a GIF creator starts asking for
administrator permissions, delete it immediately!
Verify apps with Google Play Protect - Google Play Protect is a
security program that was rolled out to Android gadgets last year.
It scans and verifies any app that is available in the Google Play
Store. It will then continue scanning installed apps for any changes
in behavior and warn you about any security dangers they might pose.
Check the App Name and Developer
Take a close look at the app name and the developer. In the case of
the fake WhatsApp, the developer name was visually identical, but
the name of the app should’ve raised a red flag—I can’t think of a
single time a legitimate app added the word “Update” to its name.
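The developer-name check described above can also be done mechanically, for example by a team vetting apps before they are allowed on managed devices. The following is an added example, not part of the original article: the function names, the two-edit threshold and the sample names (including the trusted publisher string) are constructed for illustration.

```python
import unicodedata

def skeleton(name: str) -> str:
    """Fold a display name for comparison: NFKC-normalize, drop invisible
    (format/control) and whitespace characters, then casefold."""
    folded = unicodedata.normalize("NFKC", name)
    kept = [c for c in folded
            if unicodedata.category(c) not in ("Cf", "Cc") and not c.isspace()]
    return "".join(kept).casefold()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(listed: str, trusted: str, max_edits: int = 2) -> str:
    """Compare the name shown in a store listing with the name you trust."""
    if listed == trusted:
        return "exact"
    s_listed, s_trusted = skeleton(listed), skeleton(trusted)
    if s_listed == s_trusted:
        # Differs only by case, spacing or invisible characters.
        return "lookalike"
    if edit_distance(s_listed, s_trusted) <= max_edits:
        # A swapped or substituted letter, including look-alike alphabets.
        return "near-miss"
    return "different"

# Constructed sample data (assumption, not taken from the article).
TRUSTED = "WhatsApp Inc."
SAMPLES = [
    "WhatsApp Inc.",          # the trusted name itself
    "WhatsApp Inc.\u00a0",    # trailing no-break space
    "Whats\u200bApp Inc.",    # zero-width space inside the name
    "WhatsApp lnc.",          # lowercase L in place of capital I
    "Whats\u0410pp Inc.",     # Cyrillic capital A
    "Signal Foundation",      # unrelated publisher
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:28} -> {classify(s, TRUSTED)}")
```

Anything reported as "lookalike" or "near-miss" is a name that resembles the trusted publisher without being it, which is the case a quick visual check tends to miss.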
Even better, Google Play Protect will not only safeguard you from
malicious Google Play apps but it will also monitor and scan apps
downloaded from third-party sources.
What to Do if You Spot a Fake App?
If you happen to spot a fake app, there are things you should do (aside
from, you know, not installing it). The first is to report it—let
Google know it’s a fake! To do this, scroll to the bottom of the
page (regardless of whether you’re on the web or mobile) and click
or tap on “Flag as Inappropriate.”
On the web, this will take you to a Google Play help page—which is
actually sort of annoying—where you’ll need to also click on the
“report inappropriate developer reply form” link, and fill it out.
Fortunately, it’s a lot easier on mobile. After you click on Flag as
Inappropriate, choose the reason why you’re reporting the app—for
fakes, use the “Copycat or Impersonation” option.
submit, and it’ll get shipped off to Google, which will (hopefully)
Now that you’ve done your part, share this info! Post it on Twitter,
Reddit, Facebook, or wherever else you frequent. The absolute best
thing you can do is raise awareness, because then more people will
report the app for fraudulent activity.
What can you do to protect yourself?
Unsolicited texts, emails, or sudden
notifications that appear to be from a bank, retailer, or other
known institution may not always be what they seem. Use caution with
any link delivered to you and always read the message first. Instead
of using the link supplied in the message, go directly to the
website in question and log into your account the way you would
normally. If the message seems particularly worrisome, call the
company directly to verify the information before acting online.
Always remember to think before you click. Even though there may be
a sense of urgency to one-click and install, it is better to take
the time and remind yourself of all the signs an app may be fake.
An easy protection step everybody should take is to visit your Android
settings and make sure you do not allow third-party app downloads
from untrusted sites.
Norton Mobile Security App Advisor for the Google Play Store, which
is included in Norton Mobile Security, provides comprehensive,
proactive protection from the threats on today’s mobile Internet
landscape. The App Advisor allows users to examine the behaviors of
an app before actually downloading it to the device. App Advisor
scans apps in the Google Play Store looking for features that can
invade privacy, display annoying/intrusive behaviors such as pop up
ads or excessive battery usage, and unnecessary data usage. It will
also detect if an app contains malware or is malicious in nature.
is an undergraduate of the Sri Lanka Institute
of Information Technology who is currently
following a Bachelor of Information Technology
specializing in Cyber Security. She is currently
working as an Intern - Information Security
Engineer at Sri Lanka CERT|CC.